[LINK] How Apple’s New Find My Service Locates Missing Hardware That’s Offline - TidBITS

Roger Clarke Roger.Clarke at xamax.com.au
Wed Jul 3 07:04:21 AEST 2019 

On 2/7/19 8:54 am, Antony Broughton Barry wrote:
> This makes me uneasy. It is clever though.
> https://tidbits.com/2019/06/21/how-apples-new-find-my-service-locates-missing-hardware-thats-offline/

 > ... any Internet-connected Apple device running iOS 13 or macOS 10.15 
Catalina can identify broadcasts from the Bluetooth adapter in other 
Internet-offline Apple devices nearby and pass that information back to 
Apple. This reporting works even when the missing Mac, iPhone, or iPad 
is on standby or sleeping, though it can’t work for a device that’s 
powered down, or if you have disabled Bluetooth or put your device into 
Airplane Mode.

[That's a very good reason to keep Bluetooth disabled except in those 
brief bursts when it's actually needed.  But presumably that has to be 
done manually, and assiduously, every time?]

 >Apple’s trick in the new Find My service is to combine 
always-available Bluetooth networking with the near ubiquity of other 
people carrying Apple gear. The company adds a careful privacy 
formulation on top of this so that only the owner of a lost device can 
figure out where it is. Even Apple won’t be able to decode where a 
specific device is located.
...
 >Any Apple device running iOS 13 or Catalina will encrypt and report to 
Apple its own location paired with a common one-way cryptographic 
conversion (a “hash”) of the Bluetooth-transmitted public key for every 
device in its vicinity. That hash can’t be reversed, so Apple won’t know 
which public key was recorded, but any device with the original public 
keys can perform the same one-way hash and create a match.

[So the announcement, the alpha, the beta, and v.1.0 will be trustworthy.

[And, once the PR gains have been made, and the user-base has accepted 
the feature, and the chat has occurred with the spook agencies, some 
modifications will be made to the design, right?]


-- 
Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA 

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list