[fwlr]

Yes! Some may feel the author was excessively cautious but in this case it actually compensated for the author also not understanding exactly how Find My Device works, and the two cancelled out and resulted in the correct decisions being made!

In trying to troubleshoot annoying “lost AirPods” notifications without turning off Find My Device, I ended up learning a bit about how the system seems to work.

The way Find My Device works is that there’s a broad class of “child” devices like AirPods that basically only have the ability to say “hello, I’m <Apple ID/serial>” and perhaps the ability to say “help, I’m lost, my name is <Apple ID/serial>” - but crucially they do not have any kind of location data themselves. Then there’s a narrower class of “adult” devices (iPads, iPhones, and Mac) that have location data (GPS on iPads/iPhones, geolocated IP on Macs) and network connectivity. They have the ability to hear any child devices and report “I’m at this location, and I heard a [lost] child with this ID” to the central service, which can then report that information to the parent of that ID. (Incidentally, this let me figure out how to fix my spurious “lost device” notifications - I leave my old MacBook Air on, at my house, connected to wifi, to act as a “stay at home parent” device that can report on child devices, no issues since then.)

If someone trusts the location dot too much and uses it to “find the thief”, there is a possibility they will end up instead accosting the iPhone-bearer who happens to be closest to their device. In the “lost child / responsible adult” analogy, this is sort of an adult reporting they saw a lost child in the museum and being accused of kidnapping the child themselves. (Seeing the same person associated with the device in multiple locations is a much stronger signal, of course.)

[snotrockets]

It's a bit more interesting than that, as it's E2E encrypted, to avoid leaking the location of any device on the network.

Find My enabled devices are actually sending "my current public key is …" messages. The finder ("adult", in your terminology) device encrypts their location with that public key, and sends that, and only that, to Apple's servers.

The finder device isn't identified in that message, so you can't track a finder device by listening to "encountered a device" transmissions to Apple.

That public key is also rotated every 15 minutes, so an attacker can't track a device by tracking broadcast messages of a specific public key.

When you connect to Find My, you download that encrypted location, and use your private key to decrypt that location.

https://support.apple.com/guide/security/find-my-security-se...

[fwlr]

I’ll admit I simply assumed there was adequate encryption to avoid leaking location data in undesirable ways and didn’t think to investigate how they were doing it (generally an unsafe assumption - although, credit is due to Apple, slightly less unsafe in their case!).

The system being “my iPhone encrypts its location with the lost device’s public key, so only the holder of the corresponding private key (i.e. the owner of the lost device) can see that location” is actually sublime, though. That’s the minimal amount of information and yet it still achieves the highest level of privacy, right? Only the location data from the adult, only the public key from the lost child, combined in such a way that cryptographically guarantees only the parent can read the location data. No Apple IDs or serial numbers or any other identifying information even included, so it’s robust even against broken encryption. Very cool.

[MarkSweep]

> I leave my old MacBook Air on, at my house, connected to wifi, to act as a “stay at home parent” device that can report on child devices, no issues since then.

A solution that does not involve leaving a computer on all the time is to configure Find My to not report devices at certain locations.

https://support.apple.com/en-us/HT212765

[fwlr]

I did try this method first and it achieved about an 80% reduction, still had a few issues. I don’t know what the Bluetooth range of AirPods is but my phone was apparently able to hear them from the end of the street and report that I’d left my AirPods about 100m from my house. Presumably Bluetooth doesn’t actually go that far and it’s just reporting “current location at the time it realizes it can’t hear the AirPods anymore”.

[beaugunderson]

I'm an edge case here. I live full-time on an RV, and whenever I move the RV I get the fun task of adding that new spot to the "trusted locations" for Find My. I expect to find out there's a limit to trusted locations at some point.

[afavour]

This is true and also speaks to confusion around AirPods: second generation AirPod Pros are "adult devices" (or at least their case is) while all other generations are child devices.

[aziaziazi]

Indeed, the case is "adult device" !

> A new U1 chip enables Find My with Precision Finding for your case, so you can exactly locate it. You can also use Find My with proximity view if you lose track of your AirPods Pro

https://www.apple.com/uk/airpods-pro/

[fwlr]

Between AirTags’ ultra-wideband and a dedicated U1 chip that can perform the role of ‘responsible adult’ in finding lost devices, I wonder if (or when) it makes sense for Apple to start offering a business-facing product that can automate “lost and found”. I know for sure that gyms and hotels would love to have a product they could put next to their lost and found cabinet that would give precise and unambiguous data to the owners of lost devices. I can imagine it would also be popular with taxis/Ubers and planes, too!