Location Privacy Protocols, was Re: GPS trail - crazy idea

Paul Wouters paul at xelerance.com
Thu Jul 5 19:30:48 CEST 2007

On Wed, 4 Jul 2007, Werner Almesberger wrote:

> Trails of multiple users, shared in real time, would be the
> "killer application". I don't think anyone is doing that at the
> moment. A typical scenario would be to meet someone in a city
> both don't know. Street names aren't very useful, but knowing
> roughly where the other person is at the moment, would be.

Actually, some good research is being done at the University of
Waterloo, Canada.

A paper was presented at the Privacy Enhancing Technologies
conference in Ottawa a few weeks ago:

Louis, Lester and Pierre: Three Protocols for Location Privacy
Ge Zhong, Ian Goldberg, Urs Hengartner (University of Waterloo)

See: http://petworkshop.org/2007/papers/PET2007_preproc_Louis_Lester.pdf

Especially, an implementation of the Pierre protocol would be
interesting. In essence, using the protocol, two people can
reveal each others location but only when they are close to
each other. In other words, if you are not close to each other,
the other person does not obtain your location information.
Additionally, you can lie about your location if you just do not
want to be found right now, without revealing to the other person
that you are lying.

This would be a very cool IM plugin for Openmoko, and a good use
of the GPS in Openmoko without losing your privacy.

The authors have even implemented this protocol in an open source
library, though AFAIK, it has not yet been released (but is
available upon request)

> Directing a taxi to the other person's location should be fun,
> though ;-)

Though you joke about this, the abuse for revealing your location
is going to be a huge problem. Another interesting paper tracked
the dyndns.org records of thousands of individuals and they
managed to track and locate the identity of some, and followed
others across a north-american trip on a day to day basis:

Identity Trail: Covert Surveillance Using DNS
Saikat Guha and Paul Francis (Cornell University)

Which brings up an interesting point of how to deal with DNS
requests on Openmoko phones. How do we prevent revealing our
location while at the same time informing our friends of it.
This is especially important when considering ENUM.


More information about the community mailing list