FindMyFreedomPhone

A solution for ordinary people to find their lost Freedom Phone or track and disable it if stolen.

Find My Freedom Phone

Wiki pages: Research | NGI Proposal


Find my lost phone, but I stay in control.

A convenient solution, that's there when we need it, for human-centred, ethical mobile devices.

Just this... with none of this...
[Images: the Nulide FMD app icon beside a collage of permission prompts]

Introduction

"Find my phone" is one of the quality-of-life functions we expect from our mobile device. Most of the time we don't need it, but when we do, it can at least spare us some worry and inconvenience in the common case of mislaying our device, and occasionally it might mitigate the potentially devastating consequences of a theft.

With the "find my phone" concept we refer to a group of functions that we can activate remotely, such as reporting its location, ringing loudly even if it was in "silent" mode, locking it, and more.

Each Big Tech vendor offers their own variations on this theme. They do it by putting themselves in full control over everyone's devices. They run the service, their service controls all the devices, and their users have no feasible alternative.

We need "Find my phone" for freedom phones, in a way that allows people full authority over their devices and their services.

What is Find My Freedom Phone?

"Find my Freedom Phone" is a facility built from freedom software and open standards, that puts a person in control of their "Find my phone" functions.

They will be able to choose a service provider to support them. Unlike the Big Tech users, however, they will be free to change provider, use none at all, or supply their own service, as they prefer. And they will not need any existing service provider to give them permission, because they are in control.

Today, a power user can find open-source software which gives them such control. In the Android-compatible sector of freedom phones, Find My Device (FMD) by Nulide is leading the way. One can install the app, host the server, configure both, grant permissions, grant them again after updates, store the password(s), test the functionality from time to time, and then use it. It's possible, but it's not practically accessible to ordinary people.

My proposal is to integrate this existing technology (largely from FMD) so as to make it readily accessible to ordinary people. A "one click" set-and-forget experience.

Why Work on Find My Freedom Phone?

When we choose a human-centred, ethical mobile device or "Freedom Phone" for short, we seize the means of computation and communication for ourselves. We are looking to be in control of our own relationships with technology and through technology; we are expecting privacy and ethics that align with human values rather than with Big Tech's desire to control and "monetize" us all; and we also want and expect many of the conveniences that Big Tech's devices would offer, but designed in a different way.

There are a few families of Freedom Phones today: Android-based, Linux-based, and some hybrid or independent kinds. They are very capable in the main areas: web, apps, photography, phone calls. Yet they are still lacking in a number of areas, like backup and migrate, push messaging, personal data storage and sync. Across the ecosystem in general these areas are at early stages of development. Each area individually may be of secondary importance, but taken together they represent a significant gap still to be filled to make Freedom Phones appealing to ordinary people.

We now need to build those quality-of-life features. Anything we can do to fill the gap is a step towards making Freedom Phones more widely accepted, bringing the associated freedoms to more people and encouraging further progress in other areas.

On a personal level, I want to give my family members a Freedom Phone that not only performs the basic functions, but does so comfortably, safely, reliably. I want to work in any way I can to close this gap.

The Wider Scene, Background, Rationale

People deserve both the right and the practical possibility to use a phone that is not controlled by Big Tech but by themselves or by their choice of provider, perhaps local to them. Freedom phones are not controlled by Big Tech; instead they connect to freedom services and run freedom software. There are by now several options for freedom phones, and they are well developed in their primary functions, the things we interact with, like the web browser, phone calls and installable apps.

Scope

This NGI-MobiFree project covers integration towards "find my phone" being available to ordinary people using freedom phones. People will find that the functions they need will be ready to use when they need them, without (much) prior thought and configuration.

This project's focus is on:

  • integrating the core functionality;
  • making the whole setup process as close to one-click as possible;
  • allowing the owner to choose their service provider, or none, defaulting to a system-wide choice;
  • presenting the result in a way that OS integrators can most readily adopt: sufficiently explained, with published APIs and protocols.

Not in focus:

  • user interface design
  • the range of specific functions offered (like ring, locate, take photo, lock...)
  • the FMD-server side (assume FMD-server for the time being)

Choose a Service Provider

The owner may choose any kind of service provider, commercial or professional, self-hosted or friend, or none at all.

For ease of use in the common case, the device owner should be given a device-wide setting to choose the provider of all their network services on that device. The find-my-device service would look for that setting, as its default choice, at set-up time.

Requirements / Use Cases

Scenarios:

  • Lost at home: ring or otherwise locate my (or partner's) phone...
  • Lost in public: locate, track, soft-disable, message to finder...
  • NOT IN SCOPE: Theft: locate, track, hard-disable, wipe...

Access modes (device owner may use any combination):

  • Owner delegates authority to or through a chosen service provider.
  • Peer-to-peer: group of trusted devices; no service provider.
  • SMS: a limited kind of service provider, widely available. (Caution: SMS is an insecure transport. The sender number can be spoofed, messages are readable by the carriers, and a captured command can simply be re-sent, so commands over SMS need their own authentication and replay protection.)

Authority modes (device owner chooses one):

  • delegate authority: the device owner fully trusts the service provider or peer devices, which hold credentials that can control the device.
  • delegate access only: the service provider or peers only relay commands; the device owner keeps the device credentials separately, so no other party can act on the device by itself.

A hybrid authority mode is reasonable: for example, let the service provider or peer devices have access credentials for common actions such as "ringing", but not for more destructive or sensitive actions.
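The hybrid authority mode amounts to per-action scopes bound to whoever signed the command. The following is an added example, not code from FMD or from this proposal, of how a device-side agent could enforce it: the owner and the delegated provider (or peer device) each hold their own signing key, every command carries an issue time, and the key that verifies decides which actions are allowed. HMAC-SHA256 over shared secrets stands in for a public-key signature scheme such as Ed25519; the action names, message fields and five-minute freshness window are assumptions.

```python
"""Scoped command authorisation for a find-my-phone device agent.

Added example for this proposal; not FMD's code and not from the page.
Assumptions: the device holds two verification keys (owner, provider/peer),
commands are signed with HMAC-SHA256 over a canonical JSON body (a stand-in
for a real signature scheme such as Ed25519), and the action names,
message fields and freshness window are hypothetical.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import time

# Hybrid authority mode: a delegated provider or peer may trigger
# low-impact actions; destructive or sensitive actions need the owner's key.
PROVIDER_ACTIONS = {"ring", "locate"}
OWNER_ACTIONS = PROVIDER_ACTIONS | {"lock", "wipe", "photo", "track"}
MAX_AGE_S = 300  # reject commands issued more than five minutes from "now"


def _canonical(action, issued_at) -> bytes:
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps({"action": action, "iat": issued_at}, sort_keys=True).encode()


def sign(key: bytes, action: str, issued_at: int) -> dict:
    """Build a command as the holder of `key` (owner or provider) would."""
    sig = hmac.new(key, _canonical(action, issued_at), hashlib.sha256).hexdigest()
    return {"action": action, "iat": issued_at, "sig": sig}


class DeviceAgent:
    def __init__(self, owner_key: bytes, provider_key: bytes):
        self._keys = {"owner": owner_key, "provider": provider_key}
        self._scopes = {"owner": OWNER_ACTIONS, "provider": PROVIDER_ACTIONS}
        self.log: list[tuple[str, str]] = []  # (principal, action) actually executed

    def authorise(self, cmd: dict, now: float | None = None) -> tuple[bool, str]:
        now = time.time() if now is None else now
        action, iat = cmd.get("action"), cmd.get("iat")
        msg = _canonical(action, iat)
        # 1. Identify the signer by trying each key (constant-time compare).
        for principal, key in self._keys.items():
            expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, str(cmd.get("sig", ""))):
                break
        else:
            return False, "bad signature"
        # 2. Freshness: a captured command must not keep working indefinitely.
        if not isinstance(iat, int) or abs(now - iat) > MAX_AGE_S:
            return False, "stale"
        # 3. Scope comes from the verified key, not from any field in the command.
        if action not in self._scopes[principal]:
            return False, f"{principal} not authorised for {action}"
        self.log.append((principal, action))
        return True, f"{action} by {principal}"


if __name__ == "__main__":
    owner, provider = b"owner-secret", b"provider-secret"  # constructed sample keys
    agent = DeviceAgent(owner, provider)
    now = int(time.time())
    print(agent.authorise(sign(provider, "ring", now), now))      # (True, 'ring by provider')
    print(agent.authorise(sign(provider, "wipe", now), now))      # (False, 'provider not authorised for wipe')
    print(agent.authorise(sign(owner, "wipe", now), now))         # (True, 'wipe by owner')
    print(agent.authorise(sign(owner, "wipe", now - 3600), now))  # (False, 'stale')
```

The scope is derived from the key that verified, not from a claim inside the command, so a provider cannot escalate by labelling itself the owner, and editing the action field invalidates the signature. In the "delegate access only" mode the provider would hold no key at all and merely relay owner-signed commands.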

Pre-configuration:

  • A freedom phone supplier or service provider can pre-configure the devices they supply to connect automatically to their services, select which remote functions they enable by default, and choose security requirements, so an individual owner doesn't have to think about and set up these things in advance.

  • A device owner wishing to be independent of service providers may configure their own local service that implements the published APIs and protocols, and/or may use the peer-to-peer mode.

  • Specifying which functions may be supported on-device (ringing, camera, track location, wipe, ...) and by a service provider (monitoring/tracking, access to device functions, and more) is an adjacent topic: the core design is flexible.

Starting Points

  • FMD -- main starting point
  • KDE-connect -- additional technical and UX ideas
  • clues from what big tech does

Research

Invoking

  • manually send SMS (from a trusted number and/or with a pass-code; the number alone is spoofable)
  • dedicated app (convenient to put a "find now" button on one's other device or partner's phone)
  • server GUI
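SMS appears above both as an access mode (with the caution that it is insecure) and as a way of invoking the functions. It provides neither sender authentication nor confidentiality: the sender number can be spoofed and a captured message can be re-sent. The following is an added example, not FMD's code, of an on-device SMS handler that treats the sender number as a hint only, requires a pass-code stored as a slow hash, refuses replayed messages via a monotonic sequence number, and locks out after repeated failures. The message format "FMD <seq> <pass-code> <command>" and the command names are assumptions.

```python
"""Pass-code authenticated SMS commands for a find-my-phone device agent.

Added example; not FMD's code and not from the page. SMS provides neither
sender authentication nor confidentiality, so the sender number is treated
as a hint only: every command must carry the pass-code, and a captured
message must not be replayable. Message format (an assumption):
    FMD <seq> <pass-code> <command>
"""
import hashlib
import hmac
import os
import re

MSG_RE = re.compile(r"^FMD (\d+) (\S+) (ring|locate|lock)$")
MAX_FAILURES = 5
PBKDF2_ROUNDS = 100_000  # slow hash: each guess costs real CPU time


def _hash_code(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


class SmsCommandHandler:
    def __init__(self, passcode: str, trusted_numbers=()):
        self._salt = os.urandom(16)
        self._digest = _hash_code(passcode, self._salt)  # never store the pass-code itself
        self.trusted = set(trusted_numbers)
        self.last_seq = 0  # monotonic counter: a re-sent SMS carries a stale seq
        self.failures = 0
        self.actions: list = []  # commands actually executed

    def handle(self, sender: str, text: str) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked out"  # stop online guessing of the pass-code
        m = MSG_RE.match(text.strip())
        if not m:
            return "ignored"  # ordinary SMS, not a command
        seq, code, command = int(m.group(1)), m.group(2), m.group(3)
        # The pass-code is the proof; a "trusted" number is spoofable.
        if not hmac.compare_digest(_hash_code(code, self._salt), self._digest):
            self.failures += 1
            return "rejected: bad pass-code"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        self.failures = 0
        origin = "trusted" if sender in self.trusted else "untrusted"
        self.actions.append(command)
        return f"ok: {command} ({origin} number)"


if __name__ == "__main__":
    # Constructed sample pass-code and numbers.
    h = SmsCommandHandler("s3cret-pin", trusted_numbers={"+15550100"})
    print(h.handle("+15550100", "hello?"))                   # ignored
    print(h.handle("+15550100", "FMD 1 guess ring"))         # rejected: bad pass-code
    print(h.handle("+15550199", "FMD 1 s3cret-pin ring"))    # ok: ring (untrusted number)
    print(h.handle("+15550100", "FMD 1 s3cret-pin ring"))    # rejected: replay
    print(h.handle("+15550100", "FMD 2 s3cret-pin locate"))  # ok: locate (trusted number)
```

The global lockout protects the pass-code from online guessing at the cost of a denial-of-service opportunity: anyone who can text the phone can send five bad commands. A deployment would want a time-limited lockout or an out-of-band reset from the owner's other device, and the pass-code should be a secret distinct from the device unlock code, since it travels in the clear.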

Response

  • ringing, at loud volume (option to start soft)
  • replying with its location and/or any useful info
  • theft scenario responses (such as lock, wipe, photo, displaying a message)

Transports

It is important to have the best possible chance of making any kind of connection.

  • WiFi:
    • UnifiedPush
    • KDEconnect protocol?
  • SMS
  • Bluetooth
  • (research big tech's methods)

Reliability: ensuring reception

  • Proactive checking:
    • end-to-end connectivity
    • restrictions like battery optimisation
    • volume control and vibrate permission
    • start at boot time
  • Multiple transports
    • server and dedicated app should be able to try alternate transports, e.g. send SMS if target is unreachable via internet.
  • Periodic reporting (to other trusted device or personal server), in case "find now" fails for any reason.
    • with location
  • Connection availability
    • send location to server just before intentionally turning off wifi/mobile connections?
    • how can the OS service maximise SMS availability? maybe enable it when losing wifi connection?
    • how can the OS service maximise Wifi availability? maybe disable the wifi on/off switch while device is locked?

Security Considerations

There are multiple risks, because the agent needs elevated (device-admin or root) permissions and exposes remote access to functions such as tracking, remote viewing and listening, and data wiping. Any party who can get a command accepted gains that power: the service provider, a peer device, an attacker who has compromised either of them or their credentials, or someone who can spoof the SMS transport. The same features that recover a lost phone can also be turned into covert surveillance of the person carrying it.

The design will need security reviews from several angles: authentication and replay protection of remote commands on every transport (SMS in particular); the scope of what a delegated provider or peer may do versus what requires the owner's own credentials; the privilege with which the on-device agent runs; protection of stored credentials, including in backups; and consent and visibility for the person whose device is being located.

OS Integration Objectives

  • integrate with OS so permissions are available
  • integrate with Services Account (Single Sign-On)
  • integrate with other devices, peer-to-peer
  • integrate with UnifiedPush for efficient always listening
  • integrate with SMS, any other transports
  • integrate with backup/restore

Convenience

  • widget "find partner's phone", one click (plus confirm), on home/lock screen.
  • easy reciprocal set-up: for me to find my partner's or family's devices and for them to find mine, and for me to find all my devices from any one of them.
  • quiet start: gentle ringing so can be used when people may be sleeping.
  • web integration: via a personal server of my choice.
  • minimal notifications. We may notify when device has been accessed remotely, but no more than necessary: for some people notifications are unwelcome clutter.

Server

The server component should be optional: the system should work without a configured server, and also when the server is unresponsive.

Remote Control

Remote controls are especially useful for (suspected) theft scenarios. Some are also useful in other scenarios.

  • remote lock
  • remote wipe
  • remote view
  • remote listen
  • remote display picture/message
  • remote invite finder to send a message or make a call
  • remote track (more frequent location updates & other sensors)
  • etc.

User Experience: Setting Up

At OS new user set-up time: let the owner decide whether to delegate administrative power over this device to a remote authority. That authority could be:

  • an account (their own or another's) at a service provider (commercial, non-commercial, self-managed), or
  • another device or group of devices

We might also offer the person a choice to set up additional credentials to access this function. (They may skip this if they consider the chosen authority to be secure and trustworthy.)

Main account integration

FMFF integrates into the person's "main account" for authorization (the idea of a "main account" is still to be developed)...

Non-Technical Challenges

Persuading potential adopters of the need to run a service (location-tracking server, GUI, UnifiedPush), or to create ways for their device owners to run or get access to such a service.

References

OS discussions: