The Claim:
Are you human? Do you occasionally lose things? Does it suck when you do?
With the power of social networks and other fashionable buzzwords, you can spend money rather than get your shit together!
The Marketing:
Lapa is a sleek device, thinner than the width of a pencil, that communicates with a smartphone app so when you attach it to your valuables, you’ll always know where they are. When in range (150 ft or so with a direct line of sight), it can use the radio signal strength to help guide you to your misplaced item; when out of range, it can harness the collective power of the Lapa network to determine its last known location.
The Reality:
This device is EXACTLY the kind of thing the new Bluetooth 4.0 specification (Bluetooth Smart, Bluetooth Low Energy, or BLE) was designed for – small, low power, cheap electronics “that can operate for months or even years on tiny coin-cell batteries.” Very cool.
That said, there’s a fundamental conflict between “social”, which implies sharing details with people you may or may not know well, and “security”, protecting your valuable assets from people you may or may not know well. Specifically, they claim:
How can you simultaneously share the location of your wallet to everyone and have any guarantee that they won’t use that information for evil?
The creators don’t go into the specifics of their implementation, but from their description of its features, here’s how I would design a Lapa:
The BLE spec supports a mode they call “broadcasting”; the device can periodically (once every second or so) advertise some information, usually a device name and some information it has about the world. If the device is a thermostat, it might broadcast a unique ID and the current temperature, so if there happens to be a reader nearby, that reader can update its database with this latest-greatest information. If the device is a Lapa, it doesn’t need to have any additional information about the world – the phone can combine the Lapa’s unique ID with its own location to add your item’s most up-to-date location to its database.
With that bit of background out of the way, let’s talk use cases. The creators of Lapa describe two – you’re in radio range of your Lapa (e.g. your wallet is stuck between the couch cushions), and you’re out of radio range (e.g. you forgot your wallet at the overpriced coffee conglomerate down the street).
The first case is fairly benign – the app can guide you to your item through a series of “warmer”/“colder” clues based on the radio signal strength. In other words, because the Lapa is broadcasting with a fixed power, your phone perceives the signal as louder the closer you get. It’s not too different from having someone call your phone, except the ringtone is in the 2.4GHz ISM band.
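An added sketch of the warmer/colder logic described above (not Lapa's code, whose implementation is not public): it averages RSSI readings and reports a change only once it exceeds a dead band. It goes beyond the text by using the log-distance path-loss model; that model, the -59 dBm reference at 1 m and the sample readings are assumptions made for illustration.

```python
def estimate_distance_m(rssi_dbm, rssi_at_1m=-59.0, path_loss_exp=2.0):
    """Log-distance path-loss model: rssi = rssi_at_1m - 10 * n * log10(d).

    rssi_at_1m and path_loss_exp (n) are assumed calibration values; n is
    about 2 in free space and larger where walls or furniture are in the way.
    """
    return 10 ** ((rssi_at_1m - rssi_dbm) / (10.0 * path_loss_exp))


def warmer_colder(rssi_samples, window=3, deadband_db=2.0):
    """Turn raw RSSI readings (dBm) into 'warmer' / 'colder' / 'same' hints.

    Each hint compares a moving average over `window` readings with the
    average at the last reported change, so single noisy readings and
    drifts smaller than `deadband_db` do not flip the hint.
    """
    hints = []
    reference = None
    for end in range(window, len(rssi_samples) + 1):
        avg = sum(rssi_samples[end - window:end]) / window
        if reference is None:
            reference = avg              # first full window sets the baseline
            continue
        delta = avg - reference
        if delta >= deadband_db:
            hints.append("warmer")
            reference = avg
        elif delta <= -deadband_db:
            hints.append("colder")
            reference = avg
        else:
            hints.append("same")
    return hints


# Constructed readings: walking toward the tag, then away from it.
SAMPLE_RSSI = [-80, -82, -79, -76, -74, -75, -70, -67, -71, -78, -80, -79]

if __name__ == "__main__":
    print(warmer_colder(SAMPLE_RSSI))
    # The same -75 dBm reading under two assumed environments:
    for n in (2.0, 4.0):
        print(n, round(estimate_distance_m(-75, path_loss_exp=n), 1), "m")
```

The same reading maps to very different distances depending on the assumed exponent, which is why the hint is relative (warmer or colder) and not a distance.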
What about if your Lapa is out of range? This is where marketers start throwing around words like “social” and I start feeling a bit squeamish.
Let’s start with the naive case – no remote database in the “cloud”, no Facebook, the app stores the last known location of your item locally on the phone. This works great until, one fateful day, you duck out for fro-yo, leave your phone at home to charge, and forget your favorite man-purse at the topping bar. As far as the app knows, the last known location of the Lapa was somewhere around your driveway, but because the device is always broadcasting, anyone with a BLE receiver in “scan” mode can get its information. If that BLE receiver happens to be a smartphone running the Lapa app, it will look up the unique serial number in its database, see you’ve reported it lost, and notify you that another fro-yo lover (anonymous to you) has heard from it recently. Meanwhile, their app shows them only items that belong to them – they know nothing of their heroism.
This is the happy-path, and with a well-designed database, it can be made reasonably secure. But doesn’t it seem a little weird that your self-described “valuable” is broadcasting its location to everyone and anyone constantly? All it takes is some know-how and a BLE sniffer for someone to equip themselves for a productive day of futuristic scavenging.
(Image from the NY Times: For Beach Scavengers, Storm Washed Away Their Treasure, By Michael Schwirtz, Published: July 26, 2013)
Now, I’m sure some Indiegogo users are the tech-savvy type who can see through the sales pitch and are willing to take the calculated risk of broadcasting their passport’s location all the time if it slightly improves their odds of recovering it, but I would guess that the vast majority are not. Moreover, I understand this is really a marketing pitch, and I want to give them the benefit of the doubt and trust that they will take data security seriously, but is it not irresponsible to make no mention of the potential risks? To not explicitly disclose what data is tracked and stored? In principle, the functionality could be accomplished by storing only the last known location of the device, and that’s what is implied, but there’s nothing stopping them from tracking historical position information to build a profile of when and where your valuables typically are. Instead, the only stated risks involve package size, production delays, and certification.
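A minimal sketch of the lookup service outlined above, added here as an illustration and not taken from Lapa: any phone may report a sighting, only the owner can read the location, the finder's identity is never stored, and each tag keeps a single last-known position instead of a history. Class, method and tag names are hypothetical.

```python
class SightingRegistry:
    """Hypothetical server-side store for crowd-sourced tag sightings."""

    def __init__(self):
        self.owner_of = {}    # tag_id -> owner account
        self.lost = set()     # tags their owner has reported lost
        self.last_seen = {}   # tag_id -> (lat, lon, unix_time); one entry, no history

    def register(self, tag_id, owner):
        if tag_id in self.owner_of:
            raise ValueError("tag already registered")
        self.owner_of[tag_id] = owner

    def _require_owner(self, tag_id, account):
        if account is None or self.owner_of.get(tag_id) != account:
            raise PermissionError("not the owner of this tag")

    def report_lost(self, tag_id, account):
        self._require_owner(tag_id, account)
        self.lost.add(tag_id)

    def report_recovered(self, tag_id, account):
        self._require_owner(tag_id, account)
        self.lost.discard(tag_id)
        self.last_seen.pop(tag_id, None)   # stop retaining the position

    def sighting(self, tag_id, lat, lon, unix_time):
        """Called by any app that hears a broadcast; takes no reporter identity."""
        if tag_id in self.lost:
            # Overwrite, never append: no movement profile can be rebuilt.
            self.last_seen[tag_id] = (lat, lon, unix_time)
        # Same reply for lost, not-lost and unknown tags, so a reporting
        # phone cannot use the service to learn which tags are missing.
        return "ok"

    def locate(self, tag_id, account):
        self._require_owner(tag_id, account)
        return self.last_seen.get(tag_id)
```

This limits only what the service retains and discloses; a receiver within radio range of the tag still hears every broadcast directly.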
(All images are screen shots of Lapa Indiegogo campaign as of 19 September 2013 unless otherwise noted)
I’m not quite sure that 2.4GHz wireless is a good way to make a “homing beacon” that lets you get hotter/colder reflecting the physical location of an object. The RSSI will depend on a lot of environmental stuff including metal, water, various building materials, and then of course interference from other 2.4GHz devices. There’s a lot of research out there for trying to do this (usually with 802.11 access points) but I haven’t heard of any particularly effective techniques. I’m guessing this feature won’t work to any useful degree at least half the time.
Good point – distance is only one factor that influences RSSI (and a potentially minor one, depending on the environment). I haven’t tried implementing something like this myself, but I’m not the least surprised to hear it’s a hard problem. Would you mind linking to some of this research that’s tried and failed?
Although it’s not something you mention, here’s a semi-relevant bit of trivia for you: there’s some confusion about the “Proximity Profile” defined in the BLE spec. Although it sounds like something the Lapa people might want to use, it simply “defines the behavior when a device moves away from a peer device so that the connection is dropped or the path loss increases above a preset level, causing an immediate alert.” (p7 of the Bluetooth Proximity Profile documentation) In other words, it’s not about tracking relative distance, it’s a common interface for alerting a device that it’s about to go out of range. Unfortunately, it seems most designers haven’t bothered to read the spec.
oops, left reply below instead of to your post.
Something like this: http://www.hindawi.com/journals/jcnc/2012/790374/ and there are other papers on the subject. I agree, the BLE proximity profile is not intended to be used the way they think it is (assuming that’s what they’d use). I really don’t see how they can implement anything beyond proximity profile, in which case that whole warmer/colder business is nonsense.
Have you determined that this is not a scam? I’ve pledged to this campaign, but have received VERY few updates from the makers and NO product at all (9 months, still waiting). So far, only a handful of backers have posted to the comments page claiming to have received their orders. Worse yet, it looks like they’ve lost the order info for Peter r; he was requested to “send his order info” to them. Why? Do they not know how to use Indiegogo? Aren’t our orders and name/address info available through Indie records? Of course, Indie seems to be A LOT more loose with regulations/rules than KS. Witness Lapa being allowed to create two campaigns for the same product.