Skip to content

GitLab

Last edited by Julian Foad
Page history

20250112 to NLnet

My reply to NLnet 2025-01-12:

you applied to the 2024-10 open call from NLnet. We have some questions regarding your project proposal Find My Freedom Phone.

Thank you for considering this project, and for allowing me the opportunity to explain further.

Some clarifications, first.

  • FMD? Yes. This proposes to build further on and in co-operation with the existing Find My Device (FMD) project. It is not a re-write or a competitor.

  • Stolen phones? No. The primary purpose shall be to help find a lost or mislaid phone. Originally we said this could help when a phone is stolen, as well, but I'm seeing the challenges of that scenario are too much for this project. We should not advertise or try to cover that scenario in this project.

You requested 13040 euro, for a total of 256 hours of effort. Can you provide some more detail on how you arrived at this estimate? Could you provide a breakdown of the main tasks, and the associated effort?

This is a gut feeling for the tasks and amount of effort involved.

  • dev and test rig (64h):

    • set up existing FMD (non-integrated) app development, build, deploy to Android emulator and real phone;
    • build and deploy FMD-server (as likely will need modifications to help with testing);
    • operate the main FMD functions, work out how to observe them;
    • set up a LineageOS or e-OS build environment;
    • (I've bought a new computer ready for building OS-scale projects like this);

  • convert existing FMD app to an Android OS system service (64h):

    • it's likely more about learning the particularities, and less about implementating the changes;
    • unknowns include for example may require breaking it into a system part and a user-space part;

  • implement automatic grant of all permissions, remove unused permissions UI (16h);

  • selection of server and connecting to it (64h):

    • default to fetching server connection details from some system-wide OS account setting (for "one click" set up);
    • implement such a system-wide OS account setting as an example/demo/place-holder;
    • adapt existing FMD settings UI so it becomes a UI for opt-out and override of these settings;

  • add one or more reliability and security improvements, to be decided based on greatest need (this is at the edge of project scope, and can be expanded/reduced) (32h);

  • write about it: both for end-users and for OS integrators/service providers (this is in addition to the expected general progress updates) (16h);

What do you mean precisely by a Freedom Phone? Does this include Linux-based OS-es like postmarketOS? What platforms would this software run on?

General definition of "freedom phone": a mobile computing device operating in such a way that its owner retains authority over it and its network services. Owner may delegate functions to service providers without ceding ultimate authority.

In scope of this grant: open-source android-compatible OS.

Potential further development on this project, outside the scope of this grant: also linux-based and independent OS. (Server and protocol should be OS-independent.)

In what programming language and under what license would you write and release this software?

As a starting point, the existing FMD project is:

  • Java/Kotlin, GNU GPLv3 (FMD android app)
  • Go, GNU GPLv3-or-later (FMD-server)

Risks: We will need to look into licence compatibility with OS code. LineageOS being Apache licensed, for example, likely requires discussing whether FMD owner(s) are willing to re-license the core OS parts of the current FMD app code, in order to be allowed to distribute such an integration. (The work can still serve as proof of concept while that's being worked out.)

The whole effort (and its unique selling point of not having to configure) hinges on the willingness of an OS to integrate this rather dangerous functionality ("wipe my device with an SMS" sounds very much like "give root to strangers"). Building something into other peoples software without strong buy in will not happen. Is there any interest (or even better commitment) from any existing OS so far that if this were to be built, they would integrate it?

I agree it will need interest or commitment from OS providers. I have not yet contacted them myself. It's been requested and discussed by others many times over the years. For example:

I do observe that once people come to expect Big Tech conveniences, then alternative providers generally need to offer the same, where it makes sense. I think this one does make sense and can be offered in a way compatible with freedom and self-agency.

No remote wipe. In the current generation of this project I would not consider offering "remote wipe" capability. It is not essential for the "lost/mislaid" scenario, and its safety depends on other factors such as reliable backup and restore to a new device, which unfortunately is not solid yet (although good progress is being made by Seedvault).

(The existing FMD app currently does offer "remote wipe" if user is willing to grant sufficient permission. I would exclude it from Find My Freedom Phone. People who want to go out on a limb with that will have to fork it.)

Have you done any user research how users feel about their phone emulating Big Tech behaviour (e.g. "calling home" without their consent)?

No "calling home" without consent. It will be calling only the owner's choice of service provider and only with consent. That's fundamental. We will do things to help people understand this.

It's a key principle of Freedom Phones that the device owner is in control of such matters; their service providers are not in control.

I have read many forum messages (e.g. /e/OS forum) where people went through that kind of initial misunderstanding and others clarified.

If someone takes out the sim card from a stolen device, what happens?

That would stop further tracking and control through SMS and mobile data. Further tracking and control would only be possible if Wifi is also enabled and connected.

That's one of the reasons why the theft scenario cannot be well supported.

What is the precise problem you intend to solve for whom? Is there specific new functionality you would develop, or is your focus really only on OS integration?

For the device owner: functions to help find a lost device shall be available, with near-zero additional configuration, after they chose a provider for their services.

For freedom-phone providers who act as service providers: they gan give their customers a device that defaults to using their services, with near-zero configuration required by the device owner.

Within the scope of this grant: OS integration, including functions needed to make it work "out of the box" and reliably.

Other kinds of functionality improvements are out of scope. (Some are being worked on by other people in FMD project.)

Why not contribute any missing functionality to FMD

Certainly I'll be working with FMD and contributing it all, or as far as they want if they prefer some of it to be separated.

I've introduced the proposal to them last November. FMD developer Thore is also applying for a different NLnet-NGI proposal related to FMD.

or UnifiedPush (or Phonetrack [1] or LocateMyDevice [2]), or otherwise share effort with these other efforts - rather than develop something else? For instance, the server components seem completely reusable. Have you discussed this with them?

The other mentioned projects are less relevant but may contain useful ideas. (UP is used as a dependency. Phonetrack is continuous location tracking but not control. LMD is a less active rewrite "inspired by FMD".)

Thank you again for your consideration of this project. I am continuing to research it and will be happy to clarify any points further.