Building a Find Me App With PAD
Your location is quite a private matter - it can reveal where you live and work, who your friends are, what shops you frequent, and whether you are travelling or at home.
But still, there are times when you wish to share your whereabouts. You call your friend to inform them of which restaurant you are dining at. Less lightheartedly, you inform the fire department of your address in the event of a fire.
We all share our location from time to time - this is an unavoidable fact of life. But sensibly, few are willing to continuously share their current location at all times just in case there is a need for someone to have that information.
Why PAD?
We see a gap in technology. Solutions for location tracking are generally all-or-nothing: you opt not to share your location, or you let your phone track where you are and it shares this information with a nominated person.
With PAD, it’s possible to share the ability to access your location with a trusted person, without needing to share your actual location at all times. If needed, your sharing partner can find you, but this action will immediately notify you that your whereabouts have been decrypted.
Using a ‘find-me’ application built on PAD, you no longer share your location either all the time or not at all. Instead, only the ability to access your location is shared. Your location is revealed only when needed, and you are guaranteed to be alerted when this happens.
The trusted party that you nominate can retrieve your location at any time, whether the request is appropriate or not. This is crucial because many of the times you would want to share your location are when you would be unable to explicitly allow it - for example if you are injured during an outdoor activity. If you find that your trust is being abused and your location is accessed at inappropriate times, you will be aware of this and can change who you have entrusted with the ability to access your location.
User experience
Here is how we envision find-me being used. Following cryptographic tradition, we use Alice to represent the user who will share the ability to see location data and Bob to denote her trusted sharing partner who will be able to request a decryption of her location.
Alice downloads an application on her phone.
Within the application, she agrees to share her data with Bob, whom she identifies with a phone number. Bob gets a notification of this on his phone, which he accepts.
Alice can choose the frequency with which her location is updated, for example every ten minutes. She may opt to let Bob decrypt one or more of her most recent locations on a rolling basis. That’s all for Alice - she can now let her app continuously monitor for her whether her secret has been decrypted.
Inside Bob's application, he can see who has shared with him (which includes Alice and possibly other people) and can choose to locate one of these people with a single tap.
If he does make this request, he sees the location data and Alice gets a notification that Bob has chosen to access her present location. The record of Bob's action is placed in an immutable blockchain so that Alice can always prove what occurred to any party.
How to build it
It is easy to build a find-me application with PAD. The PAD API handles everything related to the cryptography and immutable records of decryption - leaving you free to tailor your application to your purpose.
Set up a new PAD instance
You need a PAD accountability ledger dedicated to your application. To get one, open a PAD instance. Once you have done this, you will be the operator of a new instance and receive an operator API key.
Using your operator API key, you can see a list of available trustees. You can create new trustees, if desired, and then choose to add new and/or already existing trustees to your PAD instance. As the operator, you also make the choice of decryption threshold. This is the number of trustees that must respond to a decryption request in order to Bob to decrypt.
Enable encryption
We assume that your application already can integrate with a messaging service (such as whatsapp) and can access the device's GPS location.
Your application needs to encrypt a user's location in a way that is compatible with the PAD protocol. The documentation here explains precisely how to take this data and turn it into an
Encryption
object. You are free to reuse the code seen in the documentation; this will do almost all of your work in this step for you.The application needs to be able to create a signing key pair and tokens, which are a reference to a particular secret. The sample code for that is provided entirely here. Once this functionalitiy is included you will need to provide a way for tokens and verification keys to be communicated securely to a recipient, perhaps using an end-to-end encrypted messaging service. For your application, you can determine precisely how Alice picks Bob and ensures that he is aware of this and able to receive necessary data from Alice.
Now you are ready to implement your application-specific logic. At set-up, the device location is encrypted for the first time. The resulting
Encryption
object is sent to the PAD service using the API. A token is generated and sent to Bob. The find-me app runs a loop in the background where at every time interval, the secret is updated using an API call to contain the latest location data.You can enable Alice to revoke her sharing arrangement, by interrupting this loop upon Alice's request.
Finally, the application will monitor the ledger for data requests that were shared by the user. Notifactions of each request will be pushed to Alice. She can discontinue the sharing (either with Bob or entirely) at any time if she finds that Bob is abusing his privilege.
Enable decryption
Your application will need to store tokens that Bob has received from each person who has decided to share their location with him. He will be able to access a list of these users and be able to click a button that creates a decryption request that is sent using the PAD API.
Once a decryption request has been made, the application will make requests to the ledger to see when a threshold number of trustees have responded to the request. Bob may be able to see a progress bar that indicates to him how many trustees have responded and how many are needed. (However, we expect that each request should be fulfilled very quickly!)
The decryption side of the application will then handle all cryptographic operations to reconstruct Alice's location for Bob and display this in human-readable form. The code for how to reconstruct a secret from trustee responses is provided here.
Future directions
In some uses of PAD, it may make sense for the role of trustee to be handled by dedicated entities that provide the trustee service but do not make encryptions or decryptions. The find-me use case presents an opportunity to realise a much different model that is more egalitarian.
We imagine a group of individuals who have some level of mutual trust - this could be an extended family or a hiking club. Everyone in the group could opt to act as a trustee in a PAD instance supporting the group. Users could also choose to allow anyone in the group to have the right to access their location, but this is not necessary.
In this scenario, and perhaps in others, a find-me application may wish to incorporate some of these extra features:
Support page for running a hardware or software-based trustee within the find-me application
A trustee rating mechanism that provides information about the reliability of a trustee and their average response time
The ability for an encryptor to choose which trustees are designated to help decrypt a given secret
The PAD protocol enables a new model of data sharing that is naturally suited for the contextual sharing of location data to a trusted partner. Here we have sketched how such a find-me application could be built on top of our API. We are excited not only about this use case, so we hope you will check this blog in the future for additional posts on other ways that PAD can make your life easier as a developer!
Last updated