public access point database

Ryan Prior piratehead at gmail.com
Wed Jul 4 08:18:47 CEST 2007


That's not as far as it goes, either -- if the software required to set up
and maintain a geolocation database is free and open source, then anybody
who does not trust the central provider can set up a dedicated machine with
any desired level of security and privacy measures taken.

There are some who would not think twice about letting their location be
known to those that they list as friends -- users of Twitter and similar
services come to mind immediately. At the same time - thanks to The Magic of
Free Software - corporate users, journalists, and privacy-minded individuals
can keep close tabs on what happens to their information.

On that note, nothing stops servers running the same sort of geolocation
databases from networking, either. If I host such a database on my own
trusted machine in order to increase my privacy, I could still export choice
data points (once per day, or upon special request, for instance) to a
public database where anybody on my friends list can get at them. That way,
I can carefully restrict the ability of any third party to amass information
about me, while still selectively geonetworking with my friends.

On 7/4/07, Nick Johnson <arachnid at notdot.net> wrote:
>
> On 7/4/07, Ryan Prior <piratehead at gmail.com> wrote:
> > You seem to imply that there is a technical infeasibility that cannot be
> > overcome. If the public point database were segregated by a UNIX-style
> > permissions system and connected to via SSH, wouldn't it be just about
> as
> > safe as any public file server or database? Files that are "shared" can
> be
> > accessed, files that are private stay private. A server-side daemon
> could
> > negotiate friends lists, proximity, and other details without ever
> exposing
> > private position data publicly.
> >
> > Am I missing something on the privacy front? Perhaps I just didn't grok
> your
> > example.
>
> SSL would be better suited - perhaps that's what you meant.
>
> The main issue, I think, is that it requires users to trust this
> third-party database with some very personal information - possibly up
> to and including an ongoing log of their location. Even if the site
> itself is trustworthy, if it were compromised it could easily be
> exposed.
>
> The obvious solution, of course, is to simply restrict your userbase
> to those that are happy with the tradeoff.
>
> -Nick Johnson
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openmoko.org/pipermail/community/attachments/20070704/2a50be35/attachment.htm 


More information about the community mailing list