Closed Bug 1097217 Opened 8 years ago Closed 8 years ago

Implement the Thomson Geolocation Fuzzer

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: huseby, Assigned: huseby)

References

(
URL
)

Details

Sections 13.2 and 13.3 of RFC 6772 describe the sorts of trivial attacks that are possible against this method:
https://tools.ietf.org/html/rfc6772#section-13.2   This document also describes how a motivated attacker can use side channel information to recover geolocation.

I'd further recommend reading Matt Duckham's papers on the subject, which outline the complexity of a genuinely good solution in this space.  For instance: http://dl.acm.org/citation.cfm?id=1868472

And here's what I believe is the minimum it takes to obscure the location of someone in the absence of side channels: https://tools.ietf.org/html/draft-thomson-geopriv-location-obscuring  The proposed method does not do that.

I'm sensitive to potential need for a fixed geolocation for some use cases (TOR); that's a separate issue.

Before you try to land code, I think that it's important to articulate what you think the threat model is and what you intend to achieve.
Status: NEW → ASSIGNED
Depends on: 1097229
Blocks: 1057676
we're not going to continue working on fuzzing geolocation.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.