Closed Bug 1097217 Opened 5 years ago Closed 5 years ago
Implement the Thomson Geolocation Fuzzer
Sections 13.2 and 13.3 of RFC 6772 describe the sorts of trivial attacks that are possible against this method:
https://tools.ietf.org/html/rfc6772#section-13.2

This document also describes how a motivated attacker can use side channel information to recover geolocation.

I'd further recommend reading Matt Duckham's papers on the subject, which outline the complexity of a genuinely good solution in this space. For instance:
http://dl.acm.org/citation.cfm?id=1868472

And here's what I believe is the minimum it takes to obscure the location of someone in the absence of side channels:
https://tools.ietf.org/html/draft-thomson-geopriv-location-obscuring

The proposed method does not do that.

I'm sensitive to potential need for a fixed geolocation for some use cases (TOR); that's a separate issue.

Before you try to land code, I think that it's important to articulate what you think the threat model is and what you intend to achieve.
We're not going to continue working on fuzzing geolocation.
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX