Comments (6)
Having proposed this, I do need to list possible problems. If we are trying to mitigate the "Evil Dude is tracking his ex-wife" scenario, and Evil Dude knows the ESSID and MAC of her router, and that she's moved e.g. "somewhere in California", our public data will give him a list of cells in California. Can he then simply send enough requests to brute force the location info out?
from ichnaea.
@gerv Yes, but if we don't prevent brute-forcing, he could also brute force all known MAC addresses and check against them all.
There's a balance to strike here between offering a good service and making it harder to abuse it. I think the "evil dude" scenario is highly unlikely, so I'd be willing to ignore it, if we can offer a better service to most users instead.
from ichnaea.
I think it's pretty unlikely too. But brute-forcing all known MAC addresses is a bit more of an effort - it's a 48-bit address space. And anyway, that wouldn't work unless he also correctly guessed the ESSID of the nearby access point, because of our hashing scheme.
from ichnaea.
Oh, we dropped the hashing scheme and any use of the ESSID. After the discussion on dev-security, we concluded that it doesn't actually buy as much. And it prevents us from sharing data with the other projects, as almost none of them record and store the SSID.
from ichnaea.
The API documentation should be updated regarding this issue.
-> It says you need at least THREE WiFi APs for a correct guess, which isn't the actual state (at least 2) anymore, as you have said (@hannosch).
from ichnaea.
We are about to publish the cell database, which makes it rather easy to do a search for the couple of large GSM cells covering a wide area + a single WiFi key you are interested in.
I think this is too much risk to try this novel approach here, which none of the other players in this space are using. At this stage of the project we are only aiming to do city / city block accuracies, so I'm not too interested in spending time on WiFi use-cases yet. We can revisit this later.
from ichnaea.