I had AirPods Max stolen from our car a few months ago. A week later they popped up on Find My a block away. I hopped on my bike and tracked to a small apartment building. Using Find My will show you a “warmer … warmer … colder” kind of UI and whenever I lifted my phone to a particular window (shades drawn) Find My would say “Nearby.” I called the police and they were genuinely excited to knock on the door. A guy answered and denied having headphones that fit the description. Another police officer brought me around to the window and had me “play sound to locate” and sure enough you could hear the beep-boops through the window. The officer went back and said “listen, we know they are in your apartment, we can hear them, either go get them or we are getting a search warrant.” The guy said “ohhhh well I did have a party last week and there’s this backpack…”
Uh huh. Headphones returned.
Another officer returned to this scene and asked if we got the headphones back. I held them up and he says: “OH $&@# YEAH!”
Lucky there. UK here. A couple of years back I had a macbook pro delivered to me. It was delivered to the correct number on a different road. The POD had a photo of the front door and the person. I recognised the front door as it was on a local estate. Phoned delivery company up (DPD) and they said that they delivered it to the correct location and wouldn't do anything about it. Went round there and the guy said "um, it's mine now. Finders keepers. What are you going to do about it?".
So I phoned the police. They never turned up.
I opened up a credit card chargeback. But I was complaining about this to someone in the school playground and someone else overheard it. Turns out she was his next door neighbour. Said "I'll get it back for you". Sure enough that afternoon she turned up with it! Turns out the guy was a convicted paedophile and she knew that and said if he didn't give it back she'd tell everyone on the estate.
You need leverage or a good police force against criminals. The latter is rare so I suspect that taking matters in to your own hands is sometimes required.
That's shocking and also lucky. Had that neighbour not overheard or intervened, you would have had a known paedophile using a computer that could be tracked to you via sales used for a crime that the police would have acted upon and caused you more pain and suffering.
I've also learned the hard way, there again I have had police make so many mistakes for crimes in the past and ignore hard evidence that I lost faith in them years ago sadly. But this is the UK.
Though in your case, at stage it was at, once you had asked the recipient for it back and they said no, the police should have intervened due to the law of https://en.wikipedia.org/wiki/Theft_by_finding and acted.
Equally, the onus to prove delivery is upon the courier and again, you had a case there with them, so shouldn't of had to go thru that.
I agree, taking the law into your own hands alas seems to be the best solution in so many matters in the UK from my experience, sad and wrong but heck, we all want a simple life.
Also note from experience, the police (from a UK perspective) are not as aware of the laws as you would expect and had them tell me a matter was a civil matter and not criminal and raised complaint and had that upheld (lots of those) as they were wrong and the common laypersons expectations of the police is far short from reality, so always stand your ground and don't let anything slide as I used to do as it only erodes you away and enables incompetence to prevail.
That all said there are some good police (those that care and do their job properly) but sadly not as common as one would expect.
Try that with most retailers and the conversation ends at delivered. Your only option is to hit them with a summons and that's not a guarantee.
So with due respect that reality doesn't exist.
One reason I buy stuff from Amazon mostly is they are big enough to eat the issues and I put enough business through one service to be a customer worth keeping. Everyone else, not so much. I won't go into how shit Apple are on this front.
With due respect, I had exactly that issue with a pair of Airpods supplied by Apple that were apparently delivered to the wrong address. I had the carrier's photo of not my door. Apple sent a replacement the next day
That charge back might ask for tracking number, which will also says delivered. So they will ask you to call your insurance instead if your stuff got stolen on your porch.
I'm in the middle of a problem with an item either mid-delivered or not delivered, with unresponsive retailer.
I started a dispute with my credit card company, but yesterday they emailed to tell me that they had "concluded their investigation" and that the item had indeed been delivered.
No further information. Just "it was delivered, you owe the retailer".
Apple Card uses Goldman Sachs for the bank and the customer service. While Apple may be an experienced provider of retail services, this sort of thing is relatively new to Goldman Sachs.
I contacted customer service and they believe that a report regarding the investigation will be sent to me. They might even have a delivery address. The order was placed four months ago...
Good luck getting through a situation like this with good outcome. It depends on all the players involved.
You could try telling them you will cancel the credit card and not pay the last bill unless they reverse the charge.
When it goes to collections, at least in the US, you can tell the collection agency that the charge is in dispute, and they have to leave you alone.
If the bank then puts a ding on your credit report, you can dispute it with the credit reporting agency.
At some point, someone decides this is too much of a waste of time and pays up.
If you go this route, read up on your rights and the exact process.
One early step is sending them a letter via registered mail saying the charge is invalid because you never received the item. That carries more weight than a phone call, and usually routes to a different department. It might solve the problem on your own.
Make sure the letter makes it clear you understand your rights and know what the CFPB is.
Not worth the risk to your credit rating and stress from having to dispute it.
Best solution is to file a small claim at your local court. Near certainty it won’t be disputed due to cost-benefit of the retailer having to hire a lawyer to defend it.
What do you expect the police to do in this situation? They can't just walk into people's homes over your word. OP at least had a noise which in the states I assume is probable cause or something. And even then they'd have to come back with a warrant but got the headphones because the suspect felt defeated.
Your situation is bizarre, the helpless feeling of knowing where your stolen item is and not be able to do anything about it. But it's not solvable by the police unless you have more evidence. For example you could have recorded your neighbor saying those things to you.
Here in Sweden petty theft is 99% an insurance issue. I even heard one case where their boat was stolen with an airtag on it and it was traced to a particular driveway.
The police here won't even pick up the case, it goes into a pile of other theft cases and the owner can use the ID to file an insurance claim.
It's very sad on the surface. But maybe they have their reasons.
>What do you expect the police to do in this situation? They can't just walk into people's homes over your word.
He had ordered it, so had the order, he had the delivery picture, and so on.
And even if people can't just "walk into people's homes over your word" they could still knock on them, question the person, and investigate the theft complaint.
Right. The point is that it would require a full police investigation, interviews, etc...
In my view at fault in these cases is the delivery company, they are in a hurry and don't bother doing a proper job. If they would be forced to eat the cost, this wouldn't happen anymore. Basically they are outsourcing their job to the police force.
Ok I just read on a delivery company website that they have in fact started taking photos of the moment of delivery. Wow. That is incredible.
Here I always opt for delivery at a pick up location and use my electronic ID to pick it up so I had never expected delivery drivers to take, and store, photos of people.
I had this happen with FedEx a couple weeks ago for the first time. We get a lot of packages so I was surprised.
The delivery person gave me the box then ran back to me as I was walking away. "I have to take a photo to prove I delivered it." He puts it down on the ground and photographs it. Not sure what a picture of a box on a nondescript driveway would prove, but I guess he had to do it.
Photos are useless unless they are photos of the person and goods together. A DHL courier claimed that I had signed for a package and claimed that a picture of my postbox with an envelope in it was proof of delivery.
Had a delivery yesterday where the driver (Evri) had to wave his handheld around for a bit, as it wouldnt let him confim delivery as it thought he was 100m down the road!
Like what reasons? It's somewhat understandable that police might not want to investigate theft of relatively cheap item because they have to prioritize. But a stolen boat? At the very least it warrants some further investigation. Them dismissing it outright just seems bizarre since they do have some evidence they at least should come and talk to the owner.
> OP at least had a noise which in the states I assume is probable cause or something.
Isn’t a signal that is within a few feet of the door you want to enter good enough? It’s more authenticate than some random noise - you know it’s your device and not some random device emitting find my data.
Sounds like policing or judicial approach is outdated. If a police officer sees the stolen goods inside via a window, they can enter right? How are RF waves that they can see coming inside the property, and uniquely identify the property, any different?
It's not a random noise if you can trigger it. Better to have the signal and the controlled noise if possible. You can't see the RF waves in the same way as sight. It is possible that the RF is ducting or has some other propagation phenomenon. And that's assuming you are even able to connect to the device and not just viewing it's location through the network, which could have precise location issues. Two sources are better than one.
Sad? Non-violent crime such as parking tickets, littering, playing the music too loud and petty theft should not involve armed officers showing up. This presents needless chances for escalation.
The “defund the police” movement was onto something - but it has to be spelled out. - offload many of their jobs to metermaids and other ticket-issuers and keep armed POLICE for things like robberies, no-knock raids, breaking up fights and arresting violent criminals etc.
Most civil disputes can be - and are - handled by banks and insurance companies. This includes auto accidents and credit card chargebacks. Not even the justice system (public courts) need to get involved, they handle thousands of cases a day.
> The “defund the police” movement was onto something - but it has to be spelled out. - offload many of their jobs to metermaids and other ticket-issuers and keep armed POLICE for things like robberies, no-knock raids, breaking up fights and arresting violent criminals etc.
This is hugely different to what I understood from anyone in favour of defunding the police to mean.
> They can't just walk into people's homes over your word
Officer I was kidnapped, taken to this address and violently raped. "Sorry we just walk in to people's homes over your word" ? Half a dozen other scenarios come to mind.
Sure, there are emergency circumstances exceptions (not the case in this scenario). In general you would need a warrant with probable cause. That probable cause to get the warrant could be your sworn statement.
So they can't just walk in over your word. I has to be your word plus either a warrant or exigent circumstance.
Hey just so you’re aware for the future, it’s the seller’s responsibility to get your item delivered to you, so if you hadn’t recovered it, it would be on Apple to resolve it. They would then take it up with the shipping company.
Did you go buy a bunch of lottery tickets afterwards? Cops doing their job when you give them the entire breadcrumb trail is incredibly rare. I have many stories from friends and that I’ve seen online of the cops refusing to do anything even when you can guide them directly to the location of your stolen property.
I’ve personally experienced their lack of competency when they refused to follow up on stalking/harassment of a friend. They said there was nothing they could do even after I’d tracked down what free texting service was being used and gave them the abuse email address for law enforcement to use. They just straight up refused to do anything. Finally I was able to get my friend’s number blacklisted from the free text message service’s side to stop the abuse (the scumbag would change phone numbers every time he was blocked so we couldn’t just block the number). We even knew who was behind it and they wouldn’t do anything. And before you think this was mild he was sending 100’s of texts a day and calling multiple times. He also keyed the victim’s car but again, cops wouldn’t do anything about it.
It depends on where you are. I had a stolen backpack recovered when I was travelling in Zurich. I stopped by the train station police, showed them the AirTag tracking, and they sped down the freeway (lights & sirens!) to catch up to the perpetrators' train and arrest them. I went to the Landesmuseum, and by the time I was done my backpack (and most of its contents) were ready for me at the police station.
Compared to SFPD, who took about 8 hours to even show up to my burgled apartment so I could file an insurance report, it was a breath of fresh air.
Is this conclusion purely theoretical, or based on any experience at all?
Because anecdotally, the cops that interacted with me and people around me where completely uninterested in doing any kind of work, no matter how easy it was.
That is contrary to my experience tracing a stolen MacBook Pro to a specific apartment over find my and being told by the San Mateo police I could file a report if I really wanted to, but not to expect anything to happen.
I’d expect it depends on the context of your jurisdiction, and so really is not that simple.
That is the exact opposite result of every single experience and anecdote with the cops I have ever had or heard from friends or family
The reason is that sitting in a car, playing solitaire or Pokemon go, collecting huge amounts of cash for doing nothing is even easier (and rewarding to most police officers) than solving an easy crime.
Kind of a moot point? Enforcing the law operates on a different level of desired outcome than the goods itself are worth. imagine you get your phone stolen and instead of retrieving it they bought you a new one creates a pretty perverse incentive structure!
Are you suggesting that police services should operate like a service for hire? It isn't clear to me if you think the victim should hire the police to investigate (and thus decide if their price is lower than re-purchasing the item) or if you think the police are only expected to investigate based on the value of the item.
In either case it doesn't sound like a sound way to operate a police department. It seems like a good way to incentivize vigilantism though.
You're looking at it from a single transaction cost-benefit perspective but that's not how it works societally. If everyone in the society knew that cops will be in their front door steps with a warrant every time a phone or a laptop was stolen, they're not going to be stealing them from the get-go.
So to translate, there may be a high up front cost but the return on invest will outweigh in the long run (for higher value products, admittedly). Even if that's not the case, you're not valuing the societal cost at all!
Yeah but what else are they there for? They're paid with tax dollars, unless number of other crimes value > your crime value your statement still doesn't make sense.
And if there are enough crimes going on to mean that they can't even send a single officer to assist with a theft or burglary then that's the sign of a serious problem with wherever this place is.
Police officers doing anything to protect individual safety or private property costs the government money.
Whether they're helping track down a smartphone or a private jet, the victim isn't expected to reimburse them.
The benefit to society of having police spend time and money to enforce the laws in theory, is that we get to feel some sense of security in our ability to continue owning things without having to fight off raiders, or walk down a street without getting assaulted/robbed.
Past a certain point of late-stage capitalism, there might be some resultant net negative effects to society, like when the masses are starving and the police are enforcing the property rights of the top 0.1% who are hoarding 90% of wealth/food/medicine. But in that scenario the top 0.1% are unlikely to be getting involved directly to track down a single laptop
I had a similar situation in Paris with an iPhone. The Police were so helpful, knew exactly what to do, and were also very excited, but ultimately the Find My location wasn’t granular enough to find the phone. In an urban environment like Paris with big apartment buildings directly adjacent to each other, I think Find My is difficult. I’d have to be lucky and catch the phone during transit from one place to another, I think.
Edit: being able to use my iPad with Find My was an amazing experience, it’s almost worth having one just for that situation, where I didn’t have to bumble around with 2FA and logging in from my laptop, which isn’t Apple. I could also erase my stolen phone remotely, which gave me so much peace of mind.
"but ultimately the Find My location wasn’t granular enough to find the phone"
Depends on the generation, the new ones with ultra wideband (UWB) are really awesome, you can locate the item to tens of centimeters. I think you already have to be in a certain range for UWB to kick in. So might not really help if you could not identify the apartment otherwise.
The only real "problem" with UWB is the range. It might work better in North American homes (with hollow drywall walls), but in my Spanish home with brick interior walls, UWB doesn't even work one room over. It'll say "nearby", but completely lack any sort of direction information unless in the same room. I'd suspect in a situation like the OP was in in Paris, it would be very difficult to distinguish and exact location using UWB unless you got really lucky (like the phone was being stored directly next to an exterior door or something).
There should be an app people can download and you share the location data of your lost device. Multiple devices can all home in on it increasing resolution of the location via triangulation.
Opposite anecdote. I had my phone stolen from the gym. I showed up with the police and the guy denied having it - ended up he was telling the truth.
Then I saw the phone was at someone else’s house right by the one I showed up to the following evening. I used public records to track down the owner and he said it was a rental. He called his tenants and they said they didn’t have it. They were also telling the truth. Once I told them where it was stolen they said that another neighbor actually worked at the gym.
He did have my iPhone and returned it once his manager told him to. I worked at the gym part time as a fitness instructor.
This was back in the iPhone 4 days admittedly when Find My relied on GPS.
Ok we have opposite situation than stolen headphones. We found some on a trail in the woods. They are "Alan's Airpods". We connected to them from our nearby house, hoping he would come by using Find My.
There is no other way to contact them that I can see?
Where are you located? Here in a busy midwest city, the police are too short staffed to even respond to a 3 car pile up in the middle of a busy intersection sooner than 2 hours after the fact.
I was standing in the grass of apartment complex. Find My app says “distant” and I move phone over window “nearby” … back and forth it would toggle between distant and nearby.
Quite a few years ago (and fortunately the only time I've been burgled), I had a guy hop in through my bathroom window of the house, because our rubbish bins were outside the window/we left the window open for the cats to jump in & out of.
My flatmates and I were all sound asleep in our rooms. I remember half-waking a few times and seeing a shadowy figure in my room, but being half-asleep remember thinking "ah just my flatmate probably doing something" and went back to sleep.
Awoke a short time later and realised what had happened with the charging cables for my laptop/phone pulled towards the doorway and a few things strewn here and there. Got up and went to the hallway and found the rest of the house in disarray and banged on my flatmates doors to panic/get them to call the police. This was at about 4am.
They hadn't hit up my flatmates rooms, only mine (closest to the front door/road) and the main areas of the house. While the police were on their way, I realised my desktop was still there (it was a full-tower) and turned it on to see if I could locate the phone: success! It showed my phone as being in a carpark near a Macca's a few areas over.
My flatmate was still on the phone to the police so we relayed that and they said they'd take a look, but a separate team was coming to see if we were okay. That second team arrived and we made 'em some tea and all sat around being reassured by 'em until the first team had reported in; they got the stuff back! (Well, most of it).
Turns out the guy had: stolen a car, burgled about a half dozen places before ours, then burgled our place and driven to get get Macca's to celebrate. Apparently he was the only car in the carpark and the police walked up seeing that the car was chock full of people's stuff.
My stuff was returned and so was the car and the police were apparently trying to get the other stuff back to their owners, too. I got a follow up call a couple months later "we can't tell you who he is, but for your information he'd already been pulled up on this before and this time he's going to prison". There's nothing quite like the feeling of justice, like "yeah FUCK you for entering my house and taking my stuff".
The scariest thing of the entire scenario was me realising that my phone/laptop were charging on my bed, next to me. Which meant he'd leant over me while I slept to take my stuff.
After moving to the UK, unfortunately after a few years with getting away with walking around London at night, I got mugged. These guys clearly did this stuff all the time because my phone had clearly been turned off, so was not able to be located.
But it really shows the importance of technology helping mitigate/prevent these sorts of things; we should really be holding companies to higher standards and have universal ways to make theft of anything like phones/laptops essentially impossible.
Another thing was the reaction of NZ police; fast, efficient, caring and really eager to just help out someone who had been wronged. Whereas the response I got in London/Met police was basically "ya we can't do anything and there's no CCTV of it" (the most surveilled city in all of Europe, apparently.
>I had AirPods Max stolen from our car a few months ago. A week later they popped up on Find My a block away.
>The officer went back and said “listen, we know they are in your apartment, we can hear them, either go get them or we are getting a search warrant.” The guy said “ohhhh well I did have a party last week and there’s this backpack…”
>Uh huh. Headphones returned.
I mean from your description sounds like the guy was telling the truth, or is your theory that he stole your airpods, went on vacation and came back home after several weeks - which of course is also a possibility, but I think backpack left over from party sounds also reasonable.
on edit: hmm, early in the morning, so now I understand it was a week after being stolen they showed up on Find My..guess need more coffee.
I didn’t want to muddy the original story, but I had nest cam footage of the actual theft but too blurry to make a positive ID. I saved the footage. The guy was very tall and built like a football player. With sandals.
When I met the guy that night a week later he opened the door and it was pretty obvious he was the guy. Same sandals.
I think my point still holds, guy lives in range of Find My, Find My notices it a week later - ah ha this guy definitely stole it? Seems a logical disconnect.
Find My came to the rescue when my wife unknowingly dropped her phone during a pullover to take some pix. The turnout was on New Priest Grade, the best way to Yosemite from our home.
Next morning, after the frenzied "Where's my phone" search petered out, we remembered Find My. No way, I thought. Rural road, many miles away, etc. Which new phone would you like, Dear?
Find My immediately found it 43 miles away. My wife looked at Google Earth, identified the likely turnout and high-tailed it. She found it about five minutes after stopping at that turnout.
There were enough passers-by with iOS devices that Find My worked as hoped. It amazed me that we got a little piece of our property back through operation of planetary-scale infrastructure.
Considering the NSA probably doesn’t allow an electronic product to be sold in the US without a back door, and every square inch of the surface of the US is probably being imaged by satellites, its not like this presents new risk to you.
Backdoors tend to be sloppy and invite more than who they were built for. Nobody needs another attack surface. Ignoring and disparaging legitimate privacy concerns is unhelpful antisocial at best, gaslighting for tyrany some less cheritable might say.
The implementation seems reasonable, but how are the private keys shared between devices? It should pass through Apple some time since a phone can decrypt a laptop’s location. Or do they use bluetooth whenever near?
Generally, they have special computers that basically self-destruct when tampered with, that handle transferring key material. It's in the Apple design docs if you read them.
Apple really tries to get this right. Some countries(like China) require the computers to physically live in the country, so there could be special implementation details that alleviate some of those security guarantees, but we don't really know.
Of course, if you live in China and rely on any vendor that operates in China to protect you from the Chinese govt, you probably are wrong.
This is true of literally everything with a modem in it. Tracking via tower triangulation has been around for 20 years or longer. Also the entirety of your browsing history is tracked and logged by your ISP and also given to three letters agencies. And companies like Google give basically unrestricted access to all your data. Nothing is private anymore.
It is every page you visit. Any time you make an HTTP request it's logged.
VPN might do a little but browser fingerprinting is virtually impossible to negate unless you're using Tor on TailOS, and Google/CloudFlare will still know exactly who you are through a VPN, and so therefore so will government agencies.
IMHO the volume of hate isn't so much once you calibrate for Apple setting high expectations for its products, and Apple selling these products by the metric crap-ton.
Well the main thing is them creating stuff like this and intentionally locking others out of it. They're happy to use USB, Wifi, Bluetooth standards to further their business/because money. But they don't go "oh let's create a UWB standard that we can adopt across the industry to help people find lost devices/prevent theft".
Like "air tags", gimped when used with Android.
"Yeah, well that makes sense it's just good business practice". Yeah good for the business but shit for consumers, we should hold Apple _and_ all other companies to higher standards but humans aren't very good at working in groups of larger than like 5 people apparently.
Thought: hate for a product is at least partially a factor of who buys it - or, more precisely, how often you see dickheads with it.
Self-infatuated people are attracted to premium brands, and entitled people and premium brands are both more visible than the converse. Hands up if you've never been cut up in traffic by a BMW? Likewise, when someone cuts in line at a cafe and then sits down with a macbook, it's going to sensitise you to the failings of Apple
Perhaps next time someone holding an Apple device acts like a dick, maybe also take a look at what brand of shoes they're wearing. It's possible their dickishness is actually a consequence of being a Nike fanboy. It might sensitise you to the failings of Nike.
Oh come now, that's ridiculous. Let's be real for a moment. No serious person would ever say that Nike is responsible for the coffee shop etiquette of people who wear their products. It's not the Nike shoes, it's obviously the Apple laptop.
Imagine if anyone, not just Apple, could build on that, creating an automatic sneakernet. Populous areas without cell towers would come online, with ultra high latency. Throughput would also need to be throttled by the owner of each device to accommodate battery consumption preferences.
We’re not that far off from the planet being covered with low bandwidth internet anyway.
NB-IOT and LTE-M, along with the possibility that SpaceX can use Starlink satellites to provide low bandwidth LTE coverage, seems to give a viable path for global coverage soon
Only problem is that in the short term NB-IoT/LTE-M devices are rather expensive, both upfront and monthly costs. Guess that will come down over time though
I was about to correct you saying "icloud.com works on any browser, even an Android phone", but then I went and looked and you can't locate AirTags (or people) using the Web version of Find My, just Apple devices. An odd omission on Apple's part.
I have a couple of Tile fobs from before Apple moved into the space. They're still good enough for checked bag tracking while flying (at least to confirm the bag has made it to the terminal). Tracking is pretty limited without the subscription, but enough to sanity check. It would also work as a "last seen" location, which might be enough for your example (you don't need the network unless your device moves).
Find My should also give you a push notification if you leave a device somewhere? But you'll get false positives if you turn off Bluetooth.
Find My doesn't require the passerby to have connectivity _at the time it passes by_. They record where they were when they saw the lost phone, and whenever they get connectivity back, they report that to the owner.
Find my works without a network connection. So if the phone is lost without signal and another iOS device comes in range it will remember seeing it, and then upload the location to apple for the devices owner to see when it has internet again.
Oh really. Wow that's pretty amazing. I thought it worked by piggy-backing off the connection of nearby devices meaning that those nearby devices would still need to have an active network connection while near to your device. I didn't know that it would remember the location of a device and then upload that location later on.
This reminds me of the kind of hack I came up with, almost 20 years back. I used to work in Bangalore, and now and then, we would have a power outage in the evening that lasts for a few hours. I was single and used to live alone. I did not want to go home from the office and find myself without power. So how do I find out there is power at home? During those days, there were no IOT devices so checking them is that's out of the question. But I did have a landline phone that was powered by electricity and had a replaceable battery as a backup. I used the phone only to connect to the internet. So I just removed the batteries and when the power goes out, my phone wouldn't 't work. So before leaving work, all I had to do was call my landline. If it rings, it means there is power.
Here in Argentina people sometimes leave inside the freezer an ice cube with a coin on top of it, so they can check if the power went off for a long while - because the coin would be lower in the cube even if it froze back.
I used the same trick recently where a long power outage had me staying at my relatives until power was restored. My answering machine doesn't work without power but the phone does so if it doesn't pick up I know the power is out.
Since the central office switch is usually powered by generators I was used to the phone always working even during outages. But I found that the landline phone only stays functional for only a day now. I believe the deployment of fiber to the node means there are battery backups at the nodes that only last that long.
How long was the commute from office to home? Depending on this you still had risks of phone working while at the office, power out when back home, no?
Back in the mid-90s my dad lost his car keys. Turns out they were in his dressing gown (we’re British) pocket, in the wardrobe.
So he bought one of those keyrings where you whistle and it beeps. This was a Saturday and we were visiting my grandparents, his parents. He told his dad, by now with a mild case of the Alzheimers, that he’d got this thing and that “you beep and it tells you where your keys are”.
Well my grandad, who never drove a car let alone used a computer, his mind was blown. He just had no idea how this thing could do that.
This went on for a few minutes.
Dad, increasingly frustrated: “you just beep and it tells you where your keys are!”
Grandad, increasingly confused: “... but ... how?!”
It turns out that my grandad was imagining that you whistled and that this little device shouted out, “they’re in your dressing-gown pocket!”
Ha, last winter I lost my phone while snowboarding in the last 300-500m before mountain base. I noticed because I was listening to music with my airpods when I got to the bottom the music had gone silent. Thankfully I had my Apple watch with me, so I immediately got off the board and start running uphill while incessantly spamming the "ping my phone" button. At some point I saw in the watch screen it briefly connected and then immediately disconnected again. I realized somebody had probably grabbed it and skied by me. I went back running to the chairlift while still spamming the button and finally found the person who had grabbed it, a few seconds before he got into the chairlift. I felt that day that the watch investment had been worth it hah.
My friend was able to retrieve his phone that had just been pickpocketed out of his backpack that way!
"Hey, did you just grab my phone" can take some courage to say to a stranger; "Hey, I can hear my phone ringing in your bag when I press this button!" was much more convincing.
That option can be disabled by turning off "Find My network" such that the phone will be off and radio silent. With it on, it will continue to beacon until the battery reaches the final BMS low voltage point.
It doesn’t, as far as I know (or rather, it might turn off the ability to ping the phone, but passive Bluetooth/Find my cloud location should still work).
And even if it does, turning on Airplane mode is not possible anymore for a locked phone.
Yeah I also wonder what a thief would do with it? Maybe the recycle value is enough for her? Or she gets it to a store where they don't check and recycle parts?
While walking and without alerting the person you just bumped into to the fact that you just took their phone? More realistically, a well-prepared/tech-savvy thief could just drop the phone into a Faraday bag in their backpack/pocket, or alternatively just turn off the phone!
Fortunately, the one that my friend encountered didn't do any of that.
Was he stealing it? I found a phone on the slopes last year, but I gave it to the liftee - figured I'd let them figure out how to get it back to the owner.
Lost my FRS radio up on the mountain once. I started calling it from my friends radio... "Hello, I'm a lost radio, please find me" and someone called me back and met up with me to return the radio.
hahaha, that's great! I can imagine hiking along and hearing this scratchy voice emanating from "nowhere", tracking it down and finding this lonely radio on the ground, pleading for help to be brought back to its owner! :)
not directly relevant, but was riding my motorcycle in the boonies, and lost the phone which was on the handlebar (bumpy rocky path).
Looked for it several times on the path with no luck. Then I remembered my old iPhone was in the backpack. Did a Find my phone on the backup phone and it showed exactly where it had lost touch with the primary phone. This is all without cell or Wi-Fi service. Saved me a $1000.
Back when I rode, I made a little arrangement of LEDs around the speedometer in 3 concentric rings of ~32 lights. The blue LED closest to pointing North would light, the green LED would always point towards my home, and the red LED would point towards my destination (programmable before the trip). That's all I really needed. Basically a small version of a navigation arrow above video game characters. It meant that one glance at the speedometer gave me all critical information in one instant. The brain is really good at intuitively figuring out parallax, so if I was moving, two glances gave me a good idea of distance as well, though I experimented with lighting 1,3,5,7,9 LEDs as the destination got closer.
Not really. The phone only appears "off" but is in-fact in a low power mode providing beacons. It won't work if the battery were removed.
Also, modern iPhones use tower-assisted GNSS (GPS, GLONASS, Galileo, QZSS, BeiDou, and NavIC) so the satellite isn't necessarily Navistar. With fewer or no towers, and positioned in an odd orientation on the ground, a good fix becomes much less likely, and the range can increase from <1m to 10's-100's of m.
Internet access is not necessary for Find My to work. Your devices all broadcast their public key over Bluetooth and NFC, and your devices all also have your own private key, and so are identifiable / visible in Find My.
Even if they hadn't had the local map, they can still get some useful signals from Find My (and they can still push Ring requests). However, in their case, their old phone still had the log of the last seen location. Again, no Internet required.
He said no service at all. When traveling, and you have an old phone with eSIM support, carrying it with you in a backpack (with eSIM information ready to go) is a good idea. Especially when traveling alone, you never know what will happen. Your primary phone can be stolen, you drop it, or it simply dies and you need rescue.
Yep, so smart that I used to name my WiFi “McDonald’s Free WiFi” when I lived half a block from McDonald’s. Everyone’s phones would connect but to my goatse’d image network.
I thought devices would start remembering the base station MAC addresses to avoid hijacking but I guess not.. maybe I should start doing this again at my local Home Depot
Edit: just remembered I used to do this on planes too. I would MiTM the AP and people would connect to my WiFi device. Then I would serve an obvious incorrect Bank of America page. No one logged in to it though :(
Creating rogue APs is criminal-adjacent, unethical behavior because it denies and interferes with a network. It could even be criminalized in some jurisdictions.
Comcast can die screaming, fiery deaths with rapid reincarnation between them.
The were the only ISP in a certain suburban wooded area. During planned power outages they would go out after ~16 hours because they failed to engineer survivability (choice of electrical circuits and backup power) as the cell phone networks, municipal water, and other critical services did.
… I suppose an unprotected network is always unprotected, but it is still possible¹ to have AP roaming while detecting that you're switching to a different network of APs, even if the name is the same.
¹within a protocol design "possible". WiFi can't, AFAIK, actually do it.
The client could be made to drop a connection if various things are too different (default gateway not matching, for example) but it would be pretty janky with false positives and false negatives...
I don't usually use bluetooth _that much_ so I didn't think about it. My cousin's truck was around, which was indeed paired with the phone - but it would have been a bit more cumbersome to use in the search anyways.
I once found my phone buried in the sand on a beach with no coverage. I had a year worth of pictures on it, so I stewed in anguish for almost a day until we thought about installing a Bluetooth signal monitor on a friend’s phone . Given the sluggish update frequency, we resorted to triangulating the phone’s position. As we were pulling it from its sandy grave, I swear it felt like we were cheating fate itself.
I recovered a lost device (satellite messenger in my case) via Bluetooth as well! It had just fallen into some ferns a meter or so off the trail, but without Bluetooth I'm sure I'd have never found it again.
If we're being nitpicky it was probably neither – multilateration requires taking multiple measurements, drawing circles/lines of equal signal strength (or timing advance) and then intersecting these.
If you just want to home in on a transmitter, there's a much simpler algorithm: Try walking into various directions and keep heading into the one that makes the signal strength nunber go up :) Not sure if there's a name for that.
I was looking at that too, but doesn't that usually imply using a directional antenna, rather than just measuring the received signal strength at different locations?
Nope - as everyone who has looked for a buried avalanche beacon knows. As a matter of fact, depending on the number of burials and the searchers, your optimal search technique may be different.
I don't agree that that wording is as precise as you think it is. if you move in the direction where the signal goes up, when it stops going up, you are still moving in the same direction. Move "so long as the signal goes up" would tell you to stop, but it wouldn't tell you the direction, is the type of clarity I'm looking for.
I wonder how cheap and low power we could make tracking beacons if we didn't actually have to send any data and could accept some privacy risk.
Imagine like, an airtag, but the ID only needs to be 1 byte long, or even just a simple presence signal.
You'd put it on everything you own that's portable and easy to lose. When you want to find it you just search for signals. Maybe it could have an NFC silencing feature.
Perhaps it could only activate after 10 minutes of not detecting movement, while also not being near a base station (The base stations would mark a location as the "safe place you won't forget").
So you won't get any interference from anything people are carrying. You won't pick up anything safely stashed where it actually belongs.
But you can quickly sweep an area for any lost property (Which could be good or bad, depending on if it's a helpful security guard or someone who believes in finders keepers looking...).
You wouldn't ever have to receive any data, except to detect base stations, which would only need maybe a 2ft range.
But it wouldn't solve the big issue with losing stuff, detecting when you leave a location without a thing.
> Imagine like, an airtag, but the ID only needs to be 1 byte long,
Well, then you could only ever track 255 different tags :)
AirTags are already pretty minimal. Their battery lasts about a year, and I imagine an open source equivalent should be possible to build for under $5.
This is purely guesstimated based on the fact that I have a couple of Bluetooth LE thermometer/hygrometers that cost me about $3 a piece that last about a year on the same battery (CR2032) – and these run custom firmware and need to run a display and data logger (to on-chip flash) as well!
A year is a long time, but you can also get a CR2032 to USB converter and use that as a constant power source.
Why? If you're using your smart tag to track your car, you can hide it somewhere deep inside and connect it to the vehicle's battery so it always has power. Then you never have to worry about changing batteries.
Apparently there are Find My compatible generic tags coming out of China already, and they cost less than $5, shipping included. I say apparently because I’m still waiting for one to arrive and test.
Interesting! I would have thought that Apple would add some sort of tamper-proof hardware authentication mechanism, given how expensive and privacy-sensitive AirTags are.
Interesting. Although your link is 11.70$ with 50% off for me, but if you search for “find my Apple” you get many more results with lots of options around 5$
They seem to come up in the home page deals section quite often for me. I grabbed a couple that were $3.50 a pop, and so far they've behaved exactly like an Airtag (albeit with a worse speaker)
Yeah, typical aliexpress misleading BS. I have yet to buy something on AE and 1. Pay the price initially shown (it’s always more) 2. Actually use one of the dozens of coupons it assaults me with every time I open the app.
You'd just have to have IDs repeat, and software that could tell the difference based on signal strength. If you have two on the same ID that have different RSSI, show them as two tags.
You'd have to do some guesswork though to figure out what's going on but it would be better than nothing, and you might be able to get the size down below what CR2032 allows.
But why only send a single byte if you can send a full UUID within a rounding error of the same resource usage?
If you want it to be compatible with most smartphones, you'll need Bluetooth LE anyway, and that already uses at least 10 bytes on header fields for broadcast packets.
I suppose it is effectively a rounding error unless you change the actual protocol.
I wouldn't be surprised if there was some trivial way for the manufacturers to add ultra low speed non-bluetooth data to the Bluetooth chips though, so you could have 2400 baud IDs with microwatts of power.
But it's probably not worth it since I suspect the real power drain on airtags comes from the high update rates and maybe the 2 way communication.
If you ever connected to a network with a hidden SSID (or one where the phone thought the SSID was hidden for some reason), the phone will actively beacon for that WiFi, including the "hidden" SSID.
This is obviously harder to use for searching for the phone than the method they used, but it's a privacy nightmare you should be aware of. Hiding SSIDs is almost always a really bad idea for this reason.
That’s an interesting design flaw. You connect to a hidden wifi network once and then your device will emit the ssid when you are not connected to a wifi network, or all the time?
On a somewhat related note, due to the ongoing war in Israel, GPS is being heavily jammed to deter terrorist drone attacks. An intriguing side effect of this is that services like "Find My Phone" and AirTag are experiencing disruptions. This interference sometimes results in devices appearing to be located in neighboring countries, hundreds of miles away from their actual location.
Here's an article detailing the jamming situation: https://www.gpsworld.com/gps-jamming-in-israel/.
Find My is great. I hid an AirTag in my bike, which got promptly stolen (as bikes tend to be in London): I had near-zero hope but police _actually_ was keen to retrieve it, it evolved into a multi-week adventure where they tried to retrieve it several times but the thief just rode away. Ended up finding it in a shady bike shop, with a fresh new coat of bright silver paint.
I was skeptical when I bought the airtag, I thought I'd just lose a bike _and_ an airtag, but now I can't recommend it enough!
Embedding a LoRa module in the phone could come handy in similar situations; it could trigger a timed transmission of the latest known position before a given event, say a big bump followed by no movement or usage for X time, too long exposition to temperature and humidity incompatible with a house, etc. LoRa allows transmission at impressive distances using very low power compared to WiFi and other systems; a phone configured to turn itself off and use just the LoRa module to repeat a very short <phone code>+<position> say every 10 minutes wouldn't tax the spectrum too much (RF in that context is a very scarce resource) and its battery would likely last weeks.
I did that with my dji drone, figured that when I eventually crash it and it ends up in some dense foliage, I could just go back at night and look for it with my torch looking for shiny 3M reflective tape.
It was dark already. We did a lot of grass-searching with flashlights - but the phone was on top of the ATV, in a tough-to-spot location (by the handlebar or something, between some cables).
Samsung has their own "offline finding" as they call it, if enabled other Samsung devices/wearables can locate it somehow, brief on how that's done on their site
I use this sometimes when I can't find my daughter in a large shop - just turn on my wifi tethering and when I have a device connected, I know she's nearby.
If the SSID and password are the same, how would the phone tell the difference? I don't know.
My Fitbit has a "find my phone" feature that uses Bluetooth to tell the Fitbit app on the phone to make a loud whistle. It's kind of handy and ive made use of it several times around my house, but obviously isn't useful outside Bluetooth range.
> If the SSID and password are the same, how would the phone tell the difference
MAC address, but devices don't care, by design they will connect if the SSID and encryption type are the same, actually, you can create a mesh wifi network at your house with regular routers or access points by doing so, connecting them with wired ethernet.
The last time I did we did a WiFi password change at my house there were near 100 devices that had to be updated. Such a hassle. Thankfully it's stayed the same over 4 routers and about 7 years.
Orrrrr the protocol would just be smart enough to say “hey, we are thinking of connecting to this network but the MAC address is different — did you recently switch base stations?”
As long as screenless devices and other unattended things like light bulbs didn't need manual intervention, and it was easy to turn off the checks on a Linux server, it would be cool.
But it would probably be an annoyance in large multi hotspot environments, and could become another thing to train people to mindlessly click through like cookie prompts.
ESSID != BSSID. The former meant for UX, the latter to uniquely identify. Wpa_didn't allows fixing the latter, for example, as needed when you hang out at multiple locations where the wifi has the default ESSID, but of course with distinct passwords. Causes authentication timeout/lockout annoyance if left alone.
Fortunately many default network names at least contain some randomness these days, e.g. three bytes of an access point's BSSID, to make this less likely.
That's also the proper fix – pinning a WPA password to an individual BSSID would go against the concept of encryption being scoped to an ESS/ESSID, not individual APs.
You can, but if the AP's aren't aware of their shared clients they can't hand them off to another AP when signal strength degrades. Let's say you connect a client to AP A, then walk out of range closer to AP B. Your signal strength will suck because you're now farther away from AP A (and close to AP B). AP A won't disconnect your client to allow it to connect to B for better signal strength (that is, until AP A's signal strength is too low to sustain a connection).
Networks that are meshed by design take this into account and communicate about signal strength per client, handing them over when they notice a neighbor would be able to serve the client better.
While communication between APs (and forwarding of the data to clients) helps, it's not strictly needed because clients will do background scans, especially when reception is getting worse.
It apparently depends on the client device's implementation but yes in general client devices will switch to connect to the stronger one automatically on their own
How can you tell a wifi network is cloned if the SSID/password match? After all, it might legitimately be a new legitimate access point in the network.
I’ve always wondered how commonly black hats clone and exploit mass deployed public SSIDs like the “xfinitywifi” network you see in all major US cities with xfinity.
Presumably you could get a lot of random devices to automatically connect and then hijack DNS to cause trouble.
At least 50% of such APs I ran across didn’t work right. I chalk it up to broken implementation on the ISP side, but a decent number may be issues like this.
It's not that easy, unfortunately: Many networks span more than one access point, either simultaneously or across time (mediocre CPEs are notoriously being swapped out all the time by cable providers, in my experience).
Initially loading and then synchronizing certificates across APs would be anything but trivial.
I've surprised my friends a few times by keeping my SSID + password constant over the years and across several moves within the city (and across ISPs) and even internationally – whenever they come to my place, they have Wi-Fi the second they step through the door :)
It's also nice not having to re-configure various embedded devices, many without a sane user interface to type a passphrase or even accept a new TOFU public key, every time I set up a new router at my family's place.
Either "enterprise" WiFi or, if your device supports it, locking down the MAC address. That'll give you range issues if you use mesh wifi, range extenders, or additional access points, though.
I don't know why more devices don't support WPA Enterprise, it's not _that_ complicated a protocol. I can imagine a "secure router" product with a normal WPA3 network for management and an "enterprise" network with a simple username/password list selling quite well in some niche circles.
There's not really such thing as a cloned wifi network conceptually: If you set up a new access point using the same SSID and encryption settings, you didn't clone a network – you just extended it by one more access point/location where it's available!
A Wi-Fi network is the abstract concept of "all access points using the same name and passphrase", not an individual instance of an access point.
If you connect the two access points (e.g. using wired Ethernet), clients can actually roam between the two fairly seamlessly without any other setup required, and this even works across brands!
One thing to keep in mind re: roaming - devices tend to "stick" with their current AP even though there's a perfectly good same-SSID AP with much better strength available. There are protocols that can orchestrate between APs to "kick" stubborn devices to better APs: 802.11r, 802.11k, and 802.11v.
99.9% of people don't consider this an issue, I'd rather there not be one in the spec. It's just unnecessary complication. If you're the genuinely paranoid 0.1%, write a script.
Yeah, back in the day before HTTPS was common, this used to be a viable attack where people would set up rogue hotspots at cafes and whatnot and intercept all your traffic.
I think that's a different attack, where you could passively sniff wifi traffic from networks without WEP. I meant more just hosting your own hotspot with a popular name, forcing clients to connect to it via disconnect/reconnect attacks, and then you're essentially a tiny MITM ISP that can monitor all their unencrypted traffic
What's the difference in signal strength between bluetooth and wifi? I had assumed since they use the same frequency, and usually the same chip and antenna, they would be much the same (perhaps there are regulatory differences between them?) If anything, I'd guess that BLE would be more useful in this case as there is less handshaking, which means on a very poor connection you've got more of a chance of getting some data through.
Most devices are Class 2, with a maximum transmit power of only 2.5 mW; that's not a lot compared to Wi-Fi's ~20-30 mW.
AirPods are notably Class 1, which goes up to almost 20 mW! They accordingly have much better range as a result.
Bluetooth LE in newer version has new low-bitrate coding methods to allow for even greater ranges (called "Coded PHY"). Assuming Bluetooth LE classes are the same as for EDR (I don't know if they are!), this source [1] claims a 4 times greater range using coded PHY, which would be in the range of several hundred meters.
> I had assumed since they use the same frequency, and usually the same chip and antenna
Yes and no. Bluetooth is 2.4GHz, WiFi has many bands, including one around 2.4GHz. Those can share an antenna, but I think that means only one can be sending at a time (they could mix the signals, but I guess that would mean connection would fail for the less powerful Bluetooth signal)
“The 802.11 standard provides several distinct radio frequency bands for use in Wi-Fi communications: 860/900 MHz, 2.4 GHz, 3.6 GHz, 4.9 GHz, 5 GHz, 5.9 GHz, 6 GHz, 45 GHz and 60 GHz. Each range is divided into a multitude of channels. In the standards, channels are numbered at 5 MHz spacing within a band (except in the 45/60 GHz band, where they are 0.54/1.08/2.16 GHz apart), and the number linearly relates to the centre frequency of the channel. Although channels are numbered at 5 MHz spacing, transmitters generally occupy at least 20 MHz, and standards allow for channels to be bonded together to form wider channels for faster throughput.
Countries apply their own regulations to allowable channels, allowed users and maximum power levels within these frequency ranges. The ISM band ranges are also often used.”
FWIW I was referring to 2.4GHz Wifi, which shares is basically exactly the same frequency range as bluetooth (14 Channels in 2412-2484MHz vs 80 channels in 2400-2483.5MHz). The devices I've been working with share a chip and antenna, though they can't typically do both at the same time without multiplexing.
I'm interested in, for this particular problem (finding a device using just wifi or bluetooth), which one would have the greater effective range.
I've been using three AirTags and two of the cheaper clones mentioned above.
I can activate both about 100m away in the forest, if there is a line of sight.
On the other hand, i can walk an entire day through the forest (with some other people around every now and then) without a single position update from the tag.
If I had 2 wifi access points a meter apart would that me enough to be able to locate the device either behind or in front of the two antennas?
I assume I would need two wifi USB dongles for my PC and some sort of way to determine the time a beacon packet arrived but I don't know if the time difference is granular enough to be able to tell a difference in time between the two.
If I had just read this message before. This is an ingenious solution. He created a thetering wifi network with the same name and password of a network the phone would recognize. When there's a connection, it means the phone is near:
"I’ve used my own phone’s tethering feature to create a wifi network with the same name & password as my cousin’s home network - and we started walking around the place. We made sure the other guy helping us with the search had his own wifi off, to avoid false positives, and waited to find a new connection to the hotspot. And it worked! The connection was made when walking nearby the parked truck, but it turns out that the phone wasn’t in the truck - it was lying on one of the ATVs that was parked by its side."
In my job I regularly wonder how to get a found phone laptop or notebook back to their owner. The notebook is the easiest. The apple laptop the most stupid. I have the locked laptop i have my iphone you would think, with the closed eco-system, there to be some magic ritual i can perform for the laptop to register on the owners "find my device"???? Or at least let me type a number for them to call?
Sometimes, (if i charge the phone) eventually contacts real names appear on the home screen. This seems just the information one shouldn't be sharing?
Whenever I go to big concerts or gatherings, I set my lock screen to a screenshot of a WhatsApp story (that I never publish) saying something like that.
Do they usually have guest account access disabled, and would that help if enabled? I once saw a theory that guest account access can help because it grants the third party the ability to connect it to any WiFi network, allowing it to “phone home”
On iPhones, there is the ability to get the medical id (their name and emergency contact) from the Lock Screen too, if people set that up. I set my notifications privacy setting to show preview only when unlocked, so that it won’t show names of my contacts or one-time PIN codes texted to me
People Who forget their phone are perhaps more likely to not configure anything.
I can think of a number of ways to improve the finders experience. Give the provider something to configure. Say a dedicated helpdesk number where I report finding your phone and you can report losing it. Perhaps with a pin matched to the phone.
Say the finder manages to unlock it (0000) they can create a facinating phone bill. If reported as lost the provider can at least cap the bill at something more usual until your id is fully validated.
Could create an app for registered lost and found spots. Then can do all kinds of magic.
Having 1000$ bricks sitting on shelves looks kinda..dumb?
I did something very similar to connect my Amazon Fire-stick with my new TV at a different place when I had lost the remote (of Fire-stick). The TV remote was helpful, but only after I could connect the Fire-stick with a working Internet connection.
I remembered my old home's wifi SSID and password, so created a hotspot on my phone with the same SSID and password, and the Fire-stick got connected. All went good after that.
>Largely beautiful as this country is, as you get into more rural areas, there's a high chance you won't have cell phone coverage there - I'll leave it as an exercise to the reader to choose if that's a feature or a bug.
>We'd already called and sent some WhatsApp messages, so we knew the phone wasn't reachable.
The place had Wi-Fi, but the phone was just enough apart from the router to not reach it. The calls were WhatsApp Calls because we knew there was no cell service to make a standard call (don't know if the phone has VoLTE).
But if that's the case then the test is invalid: The point is to determine whether the lost phone is in coverage range. If you can get in range by moving around a bit then the lost phone might also be in such a place.
Nice! Now does anyone know a way to find my wireless earphones? Presumably in their charging box.
I expect not, because they don't have bluetooth on in their charger, and I don't think the charger itself has bluetooth. But just in case someone knows a miracle for me: Sony WF-1000XM4.
A few years ago I also found my mobile phone in Mar del Plata, Argentina, after a young horse passed over my daughter... it was using the find me option in a Fitbit watch linked to a Samsung mobile phone.
My daughter was perfectly fine, but that is another story: fingers crossed, she has some special powers.
If you have an Apple Watch, there is a nifty trick of pressing and holding the "Locate Phone" button in the Control Center. Doing so also engages the phone's flashlight so you can find it at night.
Watch out for any of those dangly bits getting caught on the lift, I almost got dragged by my backpack strap a few years ago. IMO better to lose the gear.
this is pretty smart, i didn't realize the hotspot tells you how many connections there are although i don't really use mine. my mind went straight to bluetooth pairing.
The hotspot didn't provide real Internet connectivity, since there was no service - only the places' WiFi, but out of reach, and the phone can't connect to the WiFi and provide the hotspot at the same time.
So probably not. But if the lost phone was an iPhone, walking around with another iPhone would have reported it (once the walking one was connected to the WiFi back again).
Both sides have to prove they have the PSK/password before the connection is established. This is of course done without sending the password in plain text.
TL;DR: created a wifi-network on another phone with same SSID and password as the one that the lost phone usually connects to, walked around waiting for the phone to connect, receive the "Find my phone" notification and send out a sound.
This, but without the "Find my". Not sure if my cousin would have been able to log into his account from another phone (maybe MFA would be a blocker if he tried), and my hotspot didn't actually provide Internet anyways.
I thought about "relaying" the place's Wi-Fi connection through a chain of phones sharing via bluetooth and Wi-Fi, but luckily we could find the phone without having to try that. The setup would have been something like:
Rationale is "I will be offline, so don't even try to connect". When I'm hikking in the mountains, maybe spending a couple of days up there, I only use my phone for GPS and/or photos - so everything else goes off.
Uh huh. Headphones returned.
Another officer returned to this scene and asked if we got the headphones back. I held them up and he says: “OH $&@# YEAH!”