Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread ianG
On 11/09/13 03:27 AM, Daniel Veditz wrote: On 9/9/2013 11:21 PM, Chris Peterson wrote: The primary motivation for hashing the MAC+SSID was to avoid uploading the SSID (which is considered private data in some European countries) "private" means we can't even /look/ at it, rather than merely ca

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Daniel Veditz
On 9/10/2013 10:09 AM, Hanno Schlichting wrote:
> As of this moment, we filter out any AP that has been detected in two
> different places (where different means more than ~1km away from each
> other). This is a very conservative approach and we'll relax that
> later.
What do you mean by filtered ou

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Daniel Veditz
On 9/10/2013 3:46 AM, Gervase Markham wrote:
> On 10/09/13 00:25, R. Jason Cronk wrote:
>> Does this give Mozilla the
>> ability to historically track me if I move my device?
>
> Yes; this is why publishing the full raw stumbled data sets is sadly
> going to be not possible.
Why would we have tw

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Chris Peterson
On 9/10/13 5:27 PM, Daniel Veditz wrote: On 9/9/2013 11:21 PM, Chris Peterson wrote: The primary motivation for hashing the MAC+SSID was to avoid uploading the SSID (which is considered private data in some European countries) "private" means we can't even /look/ at it, rather than merely can'

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Daniel Veditz
On 9/9/2013 11:21 PM, Chris Peterson wrote:
> The primary motivation for hashing the MAC+SSID was to avoid uploading
> the SSID (which is considered private data in some European countries)
"private" means we can't even /look/ at it, rather than merely can't store it? I believe Europe also conside

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Stefan Arentz
On Sep 10, 2013, at 1:05 AM, Chris Peterson wrote:
> On 9/9/13 4:25 PM, R. Jason Cronk wrote:
>> On 9/9/2013 5:58 PM, Chris Peterson wrote:
>>> Our private database maps access point hash IDs to locations (and
>>> other metadata). Assuming:
>>>
>>>    H1 = Hash(AP1.MAC + AP1.SSID)
>>>    H2 = H

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Hanno Schlichting
On 10.09.2013, at 03:39, Gervase Markham wrote:
> BTW, how does the service figure out the lat/long of an AP? Do we do
> anything at all with signal strengths? Could we?
This is a bit off-topic for the security discussion. I suggest starting a new thread on dev-geolocation, if you want to know

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Stefan Arentz
On Sep 9, 2013, at 9:13 PM, Brian Smith wrote:
> On Mon, Sep 9, 2013 at 2:58 PM, Chris Peterson wrote:
>> Google's Location Service prevents people from tracking individual access
>> points by requiring requests to include at least 2-3 access points that
>> Google knows are near each other. Thi

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Chris Peterson
On 9/10/13 11:53 AM, Stefan Arentz wrote: I wonder if it makes sense to ban specific MAC address ranges (vendors) from appearing in this database. For example I think it would be possible to detect specific chipsets as being mobile devices vs stationary access points. Our stumbler does some

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Hanno Schlichting
On 10.09.2013, at 03:46, Gervase Markham wrote:
> On 10/09/13 10:48, ianG wrote:
>> If that is the case, why not flip it around. Instead of trying to
>> interpolate the existing data that is broadcast out there, why not write
>> a protocol to broadcast the direct location from the wireless acces

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Hanno Schlichting
On 10.09.2013, at 03:46, Gervase Markham wrote:
> On 10/09/13 00:25, R. Jason Cronk wrote:
>> What happens if I move?
>
> The raw database notes that you are now being detected in a new
> location. What happens then is up for debate. I'd argue that if your
> position was fixed for N months befo

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Camilo Viecco
On 9/9/13 6:13 PM, Brian Smith wrote: On Mon, Sep 9, 2013 at 2:58 PM, Chris Peterson wrote: Google's Location Service prevents people from tracking individual access points by requiring requests to include at least 2-3 access points that Google knows are near each other. This "proves" the reque

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Chris Peterson
On 9/10/13 3:46 AM, Gervase Markham wrote: Related question: it would be great if there were some way to lift this restriction, at least for the web service if not for the database, while preserving the necessary privacy protections. My family's house, which is in a rural area, has a single acces

Fwd: Is there any reason not to enable proxy-autologin by default?

2013-09-10 Thread Manish Goregaokar
Bug 646452 We currently have a signon.autologin.proxy that is disabled by default. When enabled, if a proxy needs a password and that password is saved, Firefox will attempt to authenticate without prompting (and prompt if there is a failure).

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Chris Peterson
On 9/10/13 3:46 AM, Gervase Markham wrote: I believe the plan is to have a database of raw findings, then a processed database used by the web service, and a published database which may have even more data reduction. Chris P: can we get permission to store the raw SSID in the _unpublished_ data

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 10:48, ianG wrote:
> If that is the case, why not flip it around. Instead of trying to
> interpolate the existing data that is broadcast out there, why not write
> a protocol to broadcast the direct location from the wireless access point?
Because only a tiny, tiny fraction of devices

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 09/09/13 22:58, Chris Peterson wrote:
> Google's Location Service prevents people from tracking individual
> access points by requiring requests to include at least 2-3 access
> points that Google knows are near each other. This "proves" the
> requester is near the access points.
Related questi

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 02:13, Brian Smith wrote:
> On Mon, Sep 9, 2013 at 2:58 PM, Chris Peterson wrote:
>> Google's Location Service prevents people from tracking individual access
>> points by requiring requests to include at least 2-3 access points that
>> Google knows are near each other. This "proves" t

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 00:25, R. Jason Cronk wrote:
> Is the data aged?
Not AFAIAA.
> What happens if I move?
The raw database notes that you are now being detected in a new location. What happens then is up for debate. I'd argue that if your position was fixed for N months before, and it seems fixed agai

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 08:04, Henri Sivonen wrote:
> 1) Android has a mechanism for detecting when it is connecting to a
> portable AP provided by another Android device. Can we use the same or
> a similar detection mechanism to detect portable APs and filter them
> out?
I suspect actually connecting to the

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 04:14, Brian Smith wrote:
> There is friction in changing SSIDs as it affects every device that
> would connect to that network. There will also probably not be much
> awareness among users of when/why/how to do this or what effect it
> will have. So, I think this is an aspect that s

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Gervase Markham
On 10/09/13 06:05, Chris Peterson wrote:
> The device would scan for nearby APs and send the hash of each AP's MAC
> and SSID to our location server. Our server would not need to worry
> about the hash of hashes pairs because that would only be used for
> published data. The server would return an

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread ianG
On 10/09/13 00:58 AM, Chris Peterson wrote: I'm looking for some feedback on crypto privacy protections for a geolocation research project I'm working on with the Mozilla Services team. If you have general questions or suggestions about the project, I'm happy to answer them, but I'd like to focus

Re: Request for feedback on crypto privacy protections of geolocation data

2013-09-10 Thread Henri Sivonen
On Tue, Sep 10, 2013 at 4:13 AM, Brian Smith wrote:
> I assume by "prevents people from tracking individual access points"
> means the following: Some people have a personal access point on them
> (e.g. in their phone). If somebody knows the SSID and MAC of this
> personal access point, then they