Closed Bug 1097217 Opened 5 years ago Closed 5 years ago

Implement the Thomson Geolocation Fuzzer

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: huseby, Assigned: huseby)

Sections 13.2 and 13.3 of RFC 6772 describe the sorts of trivial attacks that are possible against this method:
https://tools.ietf.org/html/rfc6772#section-13.2
This document also describes how a motivated attacker can use side-channel information to recover geolocation.

I'd further recommend reading Matt Duckham's papers on the subject, which outline the complexity of a genuinely good solution in this space.  For instance: http://dl.acm.org/citation.cfm?id=1868472

And here's what I believe is the minimum it takes to obscure the location of someone in the absence of side channels: https://tools.ietf.org/html/draft-thomson-geopriv-location-obscuring  The proposed method does not do that.

I'm sensitive to potential need for a fixed geolocation for some use cases (TOR); that's a separate issue.

Before you try to land code, I think that it's important to articulate what you think the threat model is and what you intend to achieve.

Status: NEW → ASSIGNED
Depends on: 1097229
Blocks: 1057676

We're not going to continue working on fuzzing geolocation.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX